On Jul 28, 2016 8:19 AM, "David A. Cooper" <[email protected]> wrote:
>
> The editor of this document is again making it clear that he intends to
> ignore input from the working group if what the working group wants for the
> document is different from what he wants.
>
> The so-called analogies below have nothing at all to do with the attack
> scenario that is supposed to be described in the text. The only thing that
> comes even close is:
>
>> This is analogous to an attacker providing different contact info
>> (postal and e-mail addresses, etc.), while using the same CA name and the
>> same key.
>
>
> There is nothing in the attack scenario that involves the attacker
> providing different contact info to the two CAs from which it is trying to
> get CA certificates, but providing different contact info doesn't make the
> CA that the attacker is operating into two CAs.
>

I care about semantical clarity as much as the next person, but despite
trying I've failed to understand what meaning CA has here. The two N
certificates are different certificates. In what way does CA mean anything?

> I could provide text describing the attack scenario that would be both
> technically correct and much easier to understand than what is currently in
> the document. However, there would be no point in my spending time writing
> something like that at the moment, as the current document editor has made
> it very clear that any such input would be ignored.
>
>
> On 07/28/2016 10:00 AM, Stephen Kent wrote:
>>
>> David,
>>
>>> Unfortunately, I must yet again point out that there has still been no
>>> attempt to address the issues that I and a few others have pointed out with
>>> this document.
>>>
>>> I have explained on multiple occasions that it is both technically
>>> incorrect and confusing to refer to the attack as involving two CAs with
>>> the same name and key.
>>
>> You have made this statement several times, but I do not recall you
>> citing specific text from 5280 that supports your contention.
>>
>> Although analogies are always imperfect, I'll propose two as a basis for
>> rejecting your assertion.
>>
>> 1. When a person is the victim of identity theft, this is analogous to
>> an attacker compromising the key of an extant CA and using it to create a
>> CA instance with the same name and key as the targeted CA. We do not say
>> that the identity thief is the same person as the victim, even though that
>> is the goal of the identity thief. We recognize that, in the physical
>> world, they are two different entities, even if the identity thief appears
>> to be identical to the victim in the eyes of banks, government agencies,
>> etc.
>>
>> 2. If an animal is cloned, the resulting offspring may be identical in
>> appearance and genetics. Yet the clones are distinct animals, not one
>> animal. Again, there is one animal only if one chooses to view the animal
>> as being defined by its appearance and genes, rather than physical world
>> presence. This is analogous to an attacker providing different contact info
>> (postal and e-mail addresses, etc.), while using the same CA name and the
>> same key. These appear as two CAs as far as the CAs that issue certs to
>> these entities are concerned.
>>
>> Steve
>
>
>
> _______________________________________________
> Trans mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/trans
>