Dailydave mailing list archives

Re: Questions about MD5+CA


From: Jon Oberheide <jon () oberheide org>
Date: Sat, 03 Jan 2009 04:44:15 -0500

On Sat, 2009-01-03 at 02:47 +0100, wishi wrote:
Dave Aitel wrote:
Totally. This was a good opportunity for Mozilla or the IE team to be
thought leaders in security, and neither stepped up. The right thing
to do would have been to announce an update that disabled the root CA
in 10 days. That gives everyone ten days to get a new certificate from
somewhere else. Security is about hard choices. Currently, we're all
about sticking our heads in the sand - which devalues SSL as a
security protocol entirely.
[snip]
If they don't revoke the root, the security of the PKI system from
now until 2020 (when the RapidSSL cert expires) will rely on the
assumption that our team did not make a second CA cert that nobody
knows about and that nobody else did either. We didn't, but how can
we possibly prove that? How can any CA that used MD5 prove beyond
doubt that they have not signed a colliding key in the past?

[snip]
Security is about choices. For sure. About the choice to maximize profit
at all costs, or not. That brings me back to "Perspectives" - the
Firefox add-on. I personally don't trust CAs, or huge PKIs. The latter
always get weaker, the larger they grow. And CAs are an economy of
strangely named companies that no one transparently monitors.

It's interesting: in theory PKIs work very well, as long as there's no
money. ;)

On the other hand, I'd argue that PKIs are more effective when there
_is_ money involved.

While CAs will of course attempt to maximize profits, any commercial
root CA included in popular browsers has a significant economic
incentive to maintain its trust and reputation.  Without revocation of
the offending root CAs, browser vendors are sending a message that
poor security practices will not be punished.

Responsible (and justified, in this case) revocation is the only way to
ensure that economic incentives continue to exist (e.g. "Revocation costs
us X dollars so we need to invest Y dollars to ensure our compliance")
to improve the security practices of these CAs.

Regards,
Jon Oberheide

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE
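As an added example (not part of this thread or anyone's posted code), here is the check a defender would run on the question raised above: does a certificate's outer signature still use MD5? It reads just enough DER to pull the signatureAlgorithm OID out of a certificate; the sample "certificates" are constructed stand-ins, and the function names and helpers are my own, not from any library.

```python
# PKCS#1 RSA signature OIDs (arc 1.2.840.113549.1.1.x); MD5 is the one at issue.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_DIGESTS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

def der_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn DER OID content bytes into dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # base-128, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Outer signatureAlgorithm OID: Certificate ::= SEQUENCE { tbs, sigAlg, sigValue }."""
    tag, body, _ = der_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = der_tlv(body, 0)            # skip tbsCertificate entirely
    _, alg_id, _ = der_tlv(body, pos)       # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = der_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected OID in AlgorithmIdentifier")
    return decode_oid(oid)

def check_cert(cert_der):
    """Return (is_weak, name); an OID we do not recognise is flagged, not trusted."""
    name = SIG_ALGS.get(signature_algorithm(cert_der), "unknown")
    return name in WEAK_DIGESTS or name == "unknown", name

def fake_cert(oid_bytes):
    """Constructed stand-in, not a valid X.509 cert: empty tbsCertificate,
    the given AlgorithmIdentifier and a dummy signature BIT STRING."""
    tlv = lambda tag, content: bytes([tag, len(content)]) + content  # short-form lengths
    alg = tlv(0x30, tlv(0x06, oid_bytes) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00" * 9))
MD5_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"     # 1.2.840.113549.1.1.4
SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11
```

On real input, feed `check_cert` the DER of each certificate in a chain (base64-decode the PEM body first); anything flagged is a cert whose binding to its issuer rests on a broken digest, exactly the situation the quoted text describes.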


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave