Re: Need Some Perspectives, Again
Posted: Tue Mar 30, 2010 2:54 am
http://hackademix.net/2010/03/30/need-s ... ves-again/
Though I don't know the details of the Mozilla CA auditing, it seems to me an audit by definition can not produce trust.
trust = the will and intent to do the "right thing" under virtually any circumstances
successful audit = the capability to do the "right thing," if one so desires (in this case, to pass the audit)
So none of the CAs can really be trusted, but when even a single rogue trusted CA breaks the whole system, forget about it. Under the current system it would actually be better to have a single global CA. At least all scrutiny could be focused on it. Each new CA reduces the trust of the system, due to its weakest link nature, the new CA can only lower the bar by becoming the new weakest link, it can never raise the bar. The way things are now with dozens of obscure root CAs each of them with the capability to spawn unlimited numbers of secondary CAs (every CA can resell by signing the child CA's cert, and the child CA is not even audited), it's almost a complete joke. This system appears to be broken by design.
There is another extension Certificate Patrol, whose functionality, if combined with perspectives ideally in a single extension, could possibly solve this problem:
Patrol has the functionality to detect changed certs (like SSH) and Perspectives has the functionality to tell you if the changed cert (or new cert, if first time) is the same as other users are seeing. This would work pretty well also with self-signed certs.
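The combination the post describes, as an added example that is not part of the original post or of either extension's code: a Certificate-Patrol-style trust-on-first-use pin store (remember the fingerprint last seen per host, flag a change like SSH does) joined with a Perspectives-style notary consensus check (do enough independent vantage points see the same certificate?). The certificate bytes, notary answers and function names are constructed for this example; a real client would hash the DER leaf certificate from the TLS handshake and query actual notary servers.

```python
"""Added example, not the extensions' own code: TOFU pinning plus notary
consensus. All inputs below are constructed sample data."""

import hashlib
from collections import Counter

# Constructed stand-ins for the DER bytes of two different leaf certificates.
CERT_A = b"-----constructed cert A for example.test-----"
CERT_B = b"-----constructed cert B for example.test-----"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate, the value a user would compare."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Certificate-Patrol-style memory of the last fingerprint seen per host,
    the same idea as SSH's known_hosts. No CA chain is consulted, which is
    why this also works for self-signed certificates."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, fp: str) -> str:
        """Return 'first-seen', 'unchanged' or 'changed' for this host/cert."""
        previous = self.pins.get(host)
        if previous is None:
            return "first-seen"
        return "unchanged" if previous == fp else "changed"

    def remember(self, host: str, fp: str) -> None:
        self.pins[host] = fp


def notary_consensus(observations, fp: str, quorum: int) -> str:
    """Perspectives-style check. `observations` holds one fingerprint per
    notary that answered for this host. Returns 'consistent' when at least
    `quorum` notaries report the fingerprint we are seeing, 'inconsistent'
    when they report something else, 'insufficient' when too few answered."""
    if len(observations) < quorum:
        return "insufficient"
    if Counter(observations)[fp] >= quorum:
        return "consistent"
    return "inconsistent"


def evaluate(host: str, cert_der: bytes, store: PinStore, observations, quorum=2):
    """Combine both signals into (action, reason); action is 'accept', 'warn'
    or 'block'. The pin is only updated on 'accept', so a blocked or warned
    connection never poisons the store for later visits."""
    fp = fingerprint(cert_der)
    pin_state = store.check(host, fp)
    if pin_state == "unchanged":
        # Same cert as last time: nothing new to learn from the notaries.
        return "accept", "matches pinned certificate"

    consensus = notary_consensus(observations, fp, quorum)
    if consensus == "consistent":
        # New or rotated cert that the rest of the world also sees: learn it.
        store.remember(host, fp)
        return "accept", f"{pin_state}, {quorum}+ notaries see the same cert"
    if consensus == "insufficient":
        return "warn", f"{pin_state}, not enough notary data to decide"
    if pin_state == "changed":
        # The cert we see differs from our pin AND from what notaries see:
        # the strongest signal this model can give of an interposed cert.
        return "block", "pinned cert changed and notaries see a different cert"
    return "warn", "first contact and notaries see a different cert"


if __name__ == "__main__":
    store = PinStore()
    fa, fb = fingerprint(CERT_A), fingerprint(CERT_B)
    print(evaluate("example.test", CERT_A, store, [fa, fa, fa]))  # first contact, accept
    print(evaluate("example.test", CERT_B, store, [fa, fa, fa]))  # changed, block
    print(evaluate("example.test", CERT_B, store, [fb, fb, fa]))  # rotation, accept
```

The quorum is deliberately a parameter: a single notary that agrees with a changed certificate is weak evidence, while several disagreeing ones after a pin change is the case the post wants to catch. Note that "insufficient" only produces a warning, never a silent accept, because an attacker able to interpose a certificate may also be able to block the notary queries.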