http://hackademix.net/2010/03/30/need-s ... ves-again/
Though I don't know the details of the Mozilla CA auditing, it seems to me an audit by definition cannot produce trust.
trust = the will and intent to do the "right thing" under virtually any circumstances
successful audit = the capability to do the "right thing," if one so desires (in this case, to pass the audit)
So none of the CAs can really be trusted, but when even a single rogue trusted CA breaks the whole system, forget about it. Under the current system it would actually be better to have a single global CA. At least all scrutiny could be focused on it. Each new CA reduces the trust of the system: due to its weakest-link nature, the new CA can only lower the bar by becoming the new weakest link; it can never raise the bar. The way things are now, with dozens of obscure root CAs, each of them with the capability to spawn unlimited numbers of secondary CAs (every CA can resell by signing the child CA's cert, and the child CA is not even audited), it's almost a complete joke. This system appears to be broken by design.
There is another extension, Certificate Patrol, whose functionality, if combined with Perspectives, ideally in a single extension, could possibly solve this problem:
Patrol has the functionality to detect changed certs (like SSH) and Perspectives has the functionality to tell you if the changed cert (or new cert, if first time) is the same as other users are seeing. This would work pretty well also with self-signed certs.
Re: Need Some Perspectives, Again
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Re: Need Some Perspectives, Again
Interesting thread on the subject.
It also underscores the completely ridiculous practice I mentioned of selling sub-CA certs.
Eddy Nigg wrote:
> On 04/01/2010 02:40 PM, Michael Ströder:
>> You could also spend ~5000 EUR and have your own corporate sub-CA issuing
>> certs for whatever DNS name you want.
>
> Which doesn't imply that no domain control validation is performed.
Of course everything is covered by contracts. But there isn't any domain
control validation in the particular case I know of.
An organization I know has such a sub-CA cert signed by a pre-installed
trusted root CA. Domain control validation is practically impossible for the
superior CA since this organization has tens of thousands of domains registered.
I know that this organization does not do anything bad so I won't mention the
root CA here.
But personally I take this as evidence that if you spent this fairly low
amount of money you could issue arbitrary certs without the superior CA
noticing it. IMO this could not even be discovered by audits if someone would
want to hide bad activity.
Ciao, Michael.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Re: Need Some Perspectives, Again
I wonder what would happen if the name of the CA company would become public…
/edit:
http://patrol.psyced.org/ wrote:
> Comodo, GeoTrust, GlobalSign, QuoVadis, RSA WebTrust and StartCom are known to offer intermediate CA for money. Still StartCom is extremely popular with small and private web sites for its free services.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.2 Safari/533.4
Re: Need Some Perspectives, Again
The Certificate Patrol authors are wondering why there should be closer integration with perspectives:
> al_9x suggests we should combine CertPatrol with Perspectives in a single add-on, but they already do great team work side by side, no?

Since they don't appear to have a forum, I guess I'll answer here. Patrol should support on demand Perspectives notaries querying at the moment that a new cert is added to the Patrol store and when a change is detected.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
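Added example, not part of the original thread and not code from Certificate Patrol or Perspectives: a simplified sketch of the combination discussed in the first post and in the post above, where a local pin store detects a new or changed certificate and only then compares it with what notaries report. The function names, the notary-view dictionary, the 75% quorum and the byte strings standing in for certificates are all assumptions made for illustration.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def notary_quorum(fp: str, notary_views: dict, quorum: float) -> bool:
    """True if at least `quorum` of the notaries report seeing `fp`."""
    if not notary_views:
        return False  # no outside view available: never treat as confirmed
    agree = sum(1 for seen in notary_views.values() if seen == fp)
    return agree / len(notary_views) >= quorum

def check_cert(host, der, pins, notary_views, quorum=0.75):
    """Patrol-style pin check; notaries are consulted only on new/changed certs."""
    fp = fingerprint(der)
    pinned = pins.get(host)
    if pinned == fp:
        return "unchanged"              # same cert as last visit, no query needed
    agreed = notary_quorum(fp, notary_views, quorum)
    if pinned is None:
        if agreed:
            pins[host] = fp             # first sight, and others see the same cert
            return "new-pinned"
        return "new-unconfirmed"        # first sight, nobody can vouch: do not pin
    if agreed:
        pins[host] = fp                 # change seen by the notaries too (rotation)
        return "changed-confirmed"
    return "changed-suspicious"         # only this client sees the change: keep old pin

def demo():
    # Constructed stand-ins for certificates and notary observations.
    cert_a, cert_b, cert_x = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-X"
    names = ("notary1", "notary2", "notary3")
    views_a = {n: fingerprint(cert_a) for n in names}
    views_b = {n: fingerprint(cert_b) for n in names}
    pins = {}
    results = [
        check_cert("example.test", cert_a, pins, views_a),
        check_cert("example.test", cert_a, pins, views_a),
        check_cert("example.test", cert_x, pins, views_a),  # differs from notary view
        check_cert("example.test", cert_b, pins, views_b),  # notaries see it as well
        check_cert("other.test", cert_x, pins, {}),         # no notary data at all
    ]
    return results, pins

if __name__ == "__main__":
    print(demo())
```

The same logic covers self-signed certificates, since nothing in it depends on who signed the certificate.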
Re: Need Some Perspectives, Again
al_9x wrote:
> Since they don't appear to have a forum

They have a multi-protocol (PSYC/IRC/Jabber/…) chat: http://www.psyced.org, major developers seem to be there pretty often and are all very friendly.
IRC-Link: ircs://ve.symlynx.com:9999
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.9 Safari/533.4
Re: Need Some Perspectives, Again
And in the meantime we had at least four other occurrences, two with Comodo, one with a French CA and now recently with DigiNotar, time to bring this up again…
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0a2) Gecko/20110830 Firefox/8.0a2
Re: Need Some Perspectives, Again
Two words: Trustwave MITM
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Re: Need Some Perspectives, Again
Thanks. No link necessary. A web search gives lots of info.
Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Re: Need Some Perspectives, Again
Auditing is important. The problem is... who is doing the auditing?
In an open source environment communities do the auditing. In the CA environment either the CA does internal auditing or they are audited by another company. In the second situation you either have people holding themselves accountable or a company they hire holding them accountable... but who holds the auditing company accountable, etc., etc.; it's an endless chain.
Trust has to be community based.
I like the idea of self-signed cert internet with community vetting. It would be a lot more complicated than just that of course. Very similar to Perspectives.
Mozilla/5.0 (X11; CrOS i686 1660.34.0) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.32 Safari/535.19