Re: Need Some Perspectives, Again

Posted: Tue Mar 30, 2010 2:54 am
by al_9x
http://hackademix.net/2010/03/30/need-s ... ves-again/

Though I don't know the details of the Mozilla CA auditing, it seems to me an audit by definition can not produce trust.

trust = the will and intent to do the "right thing" under virtually any circumstances
successful audit = the capability to do the "right thing," if one so desires (in this case, to pass the audit)

So none of the CAs can really be trusted, but when even a single rogue trusted CA breaks the whole system, forget about it. Under the current system it would actually be better to have a single global CA. At least all scrutiny could be focused on it. Each new CA reduces the trust of the system, due to its weakest link nature, the new CA can only lower the bar by becoming the new weakest link, it can never raise the bar. The way things are now with dozens of obscure root CAs each of them with the capability to spawn unlimited numbers of secondary CAs (every CA can resell by signing the child CA's cert, and the child CA is not even audited), it's almost a complete joke. This system appears to be broken by design.

There is another extension Certificate Patrol, whose functionality, if combined with perspectives ideally in a single extension, could possibly solve this problem:

Patrol has the functionality to detect changed certs (like SSH) and perspectives has the functionality to tell you if the changed cert (or new cert, if first time) is the same as other users are seeing. This would work pretty well also with self signed certs.

Re: Need Some Perspectives, Again

Posted: Thu Apr 01, 2010 11:19 pm
by al_9x
Interesting thread on the subject.

It also underscores the completely ridiculous practice I mentioned of selling sub-CA certs.

Eddy Nigg wrote:
> On 04/01/2010 02:40 PM, Michael Ströder:
>> You could also spend ~5000 EUR and have your own corporate sub-CA issuing
>> certs for whatever DNS name you want.
>
> Which doesn't imply that no domain control validation is performed.

Of course everything is covered by contracts. But there isn't any domain
control validation in the particular case I know of.

An organization I know has such a sub-CA cert signed by a pre-installed
trusted root CA. Domain control validation is practically impossible for the
superior CA since this organization has tens of thousands of domains registered.
I know that this organization does not do anything bad so I won't mention the
root CA here.

But personally I take this as evidence that if you spent this fairly low
amount of money you could issue arbitrary certs without the superior CA
noticing it. IMO this could not even be discovered by audits if someone would
want to hide bad activity.

Ciao, Michael.

Re: Need Some Perspectives, Again

Posted: Sun Apr 04, 2010 8:04 am
by dhouwn
I wonder what would happen if the name of the CA company would become public…

/edit:
http://patrol.psyced.org/ wrote:
> Comodo, GeoTrust, GlobalSign, QuoVadis, RSA WebTrust and StartCom are known to offer intermediate CA for money. Still StartCom is extremely popular with small and private web sites for its free services.

Re: Need Some Perspectives, Again

Posted: Mon Apr 12, 2010 5:56 am
by al_9x
The Certificate Patrol authors are wondering why there should be closer integration with perspectives:
> al_9x suggests we should combine CertPatrol with Perspectives in a single add-on, but they already do great team work side by side, no?

Since they don't appear to have a forum, I guess I'll answer here. Patrol should support on demand Perspectives notaries querying at the moment that a new cert is added to the Patrol store and when a change is detected.
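
The combination discussed in this thread (a Patrol-style local pin store that queries Perspectives-style notaries only when a certificate is new or has changed), as an added example that is not code from Certificate Patrol or Perspectives. The notaries here are constructed in-process callables standing in for network queries, and the class name, result strings and the 0.75 quorum are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class PinStore:
    notaries: list          # callables: host -> fingerprint that notary sees, or None
    quorum: float = 0.75    # assumed threshold, not a value from either extension
    pins: dict = field(default_factory=dict)

    def agreement(self, host: str, fp: str) -> float:
        answers = [a for a in (n(host) for n in self.notaries) if a is not None]
        if not answers:
            return 0.0      # no notary data: no corroboration, so fail closed
        return sum(a == fp for a in answers) / len(answers)

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(host)
        if known == fp:
            return "unchanged"              # Patrol-style: same cert as last visit
        kind = "new" if known is None else "changed"
        # New or changed cert: only now query the notaries (on demand).
        if self.agreement(host, fp) >= self.quorum:
            self.pins[host] = fp            # others see the same cert: (re)pin it
            return kind + "-accepted"
        return kind + "-suspicious"         # keep the old pin, warn the user

# Constructed sample data: byte strings stand in for DER certificates.
CERT_V1 = b"constructed cert: example.test, original"
CERT_V2 = b"constructed cert: example.test, legitimate renewal"
CERT_MITM = b"constructed cert: example.test, seen only on this network path"

def demo() -> list:
    view = {"example.test": fingerprint(CERT_V1)}   # what the notaries observe
    offline = lambda host: None                      # a notary that does not answer
    store = PinStore(notaries=[view.get, view.get, view.get, offline])
    results = [store.check("example.test", CERT_V1),     # first visit
               store.check("example.test", CERT_V1),     # repeat visit
               store.check("example.test", CERT_MITM)]   # local-only change
    view["example.test"] = fingerprint(CERT_V2)          # site really rotates
    results.append(store.check("example.test", CERT_V2))
    results.append(store.check("unseen.test", CERT_V1))  # notaries have no data
    return results

if __name__ == "__main__":
    print(demo())
```

Because the decision rests on what other vantage points observe rather than on who signed the certificate, the same check applies to self-signed certificates.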

Re: Need Some Perspectives, Again

Posted: Sat Apr 17, 2010 5:19 pm
by dhouwn
al_9x wrote:
> Since they don't appear to have a forum

They have a multi-protocol (PSYC/IRC/Jabber/…) chat: http://www.psyced.org, major developers seem to be there pretty often and are all very friendly.

IRC-Link: ircs://ve.symlynx.com:9999

Re: Need Some Perspectives, Again

Posted: Wed Aug 31, 2011 7:41 pm
by dhouwn
And in the meantime we had at least four other occurrences, two with Comodo, one with a French CA and now recently with DigiNotar, time to bring this up again…

Re: Need Some Perspectives, Again

Posted: Sat Feb 18, 2012 6:18 pm
by dhouwn
Two words: Trustwave MITM

Re: Need Some Perspectives, Again

Posted: Sat Feb 18, 2012 6:58 pm
by Alan Baxter
Thanks. No link necessary. A web search gives lots of info.

Re: Need Some Perspectives, Again

Posted: Sat Feb 18, 2012 7:54 pm
by Hungry Man
Auditing is important. The problem is... who is doing the auditing?

In an open source environment communities do the auditing. In the CA environment either the CA does internal auditing or they are audited by another company. In the second situation you either have people holding themselves accountable or a company they hire holding them accountable... but who holds the auditing company accountable etc etc it's an endless chain.

Trust has to be community based.

I like the idea of self-signed cert internet with community vetting. It would be a lot more complicated than just that of course. Very similar to perspectives.