nanog mailing list archives
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
From: Jimmy Hess <mysidia () gmail com>
Date: Mon, 12 Sep 2011 18:02:27 -0500
On Mon, Sep 12, 2011 at 6:23 AM, Gregory Edigarov <greg () bestnet kharkov ua> wrote:
> I.e. instead of a set of trusted CAs there will be one distributed net of servers, that act as a cert storage? I do not see how that could help...
More lines of defense on top of the CA model. Consider instead of abandoning the CA model altogether, you utilize DNSSEC binding of the certificate that must also be signed by a CA. If _either_ the DNSSEC record isn't present, doesn't validate, OR the certificate is not properly signed by a CA, then the certificate is considered invalid.

In this manner, DNSSEC protects you against interception by a rogue CA -- chances are the rogue CA has not also discovered your DNSSEC secret keys, and the CA signature protects you against a compromise of the DNS, or an attack by your domain registrar -- your domain registrar is probably not a CA and doesn't have the right paperwork, therefore can't get a CA signed certificate with your company's name.

The browsers then just need to revise their trust model to require no CA be affiliated with or owned by any organization affiliated with a provider of domain registration or DNS hosting services, to ensure there's no domain registrar entrusted to sign certs, and no CA entrusted to maintain DNSSEC data.

--
-JH
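The acceptance rule described in the message above, sketched as an added example that is not part of the original post: a certificate is accepted only when the CA check and the DNSSEC binding both pass, and every other outcome fails closed. Assumptions: the binding is published as a SHA-256 digest of the certificate, the CA chain result comes from the TLS library as a boolean, and all names and sample byte strings here are hypothetical and constructed.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class DnssecStatus(Enum):
    SECURE = "secure"      # record set returned with a validated signature chain
    BOGUS = "bogus"        # signatures present but failed validation
    INSECURE = "insecure"  # zone unsigned, answer cannot be authenticated
    NODATA = "nodata"      # no binding record published

@dataclass
class DnsBinding:
    status: DnssecStatus
    digests: frozenset = frozenset()  # SHA-256 hex digests of bound certificates

def accept_certificate(cert_der: bytes, ca_chain_ok: bool, binding: DnsBinding):
    """Return (accepted, reason). Both checks must pass; anything else fails closed."""
    if not ca_chain_ok:
        return False, "not signed by a trusted CA"
    if binding.status is not DnssecStatus.SECURE:
        return False, f"DNSSEC binding unusable ({binding.status.value})"
    if hashlib.sha256(cert_der).hexdigest() not in binding.digests:
        return False, "certificate does not match DNSSEC binding"
    return True, "CA signature and DNSSEC binding both valid"

# Constructed sample data: stand-in byte strings, not real certificates.
SITE_CERT = b"constructed-der-bytes:legitimate site certificate"
ROGUE_CERT = b"constructed-der-bytes:certificate issued by a rogue CA"
FORGED_CERT = b"constructed-der-bytes:self-issued cert, attacker controls DNS"

def fp(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

def bound(cert: bytes, status=DnssecStatus.SECURE) -> DnsBinding:
    return DnsBinding(status, frozenset({fp(cert)}))

# scenario name -> (presented cert, CA chain result, what DNSSEC returned)
SCENARIOS = {
    "legitimate": (SITE_CERT, True, bound(SITE_CERT)),
    "rogue CA": (ROGUE_CERT, True, bound(SITE_CERT)),
    "DNS/registrar compromise": (FORGED_CERT, False, bound(FORGED_CERT)),
    "record absent": (SITE_CERT, True, DnsBinding(DnssecStatus.NODATA)),
    "record fails validation": (SITE_CERT, True, bound(SITE_CERT, DnssecStatus.BOGUS)),
}

def run_scenarios():
    return {name: accept_certificate(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:26} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```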