On 2013-03-22 14:22, Gervase Markham wrote:
> why is "lawful intercept" in general OK
> but "lawful intercept using certs" not OK?
No matter the stance on lawful intercept, the job of the CA system is to
correctly certify identity. Lawful intercept using certs is
misrepresentation of identity. Allowing this opens a deep deep hole that
should not be opened.
Let's turn it around: If we say that "lawful intercept using certs" is
OK, we basically say that we intentionally weaken existing technical
protections to allow totalitarian countries to eavesdrop on activists
(lawfully according to their laws).
This is not a stance I want anyone to take, and certainly not Mozilla,
the organization that claims to protect its users.
There is another problem with allowing "lawful interception"
certificates to be issued: A rogue country could get a lawful
interception sub-CA, issue arbitrary certs for arbitrary domains, do
some BGP rerouting, and suddenly attack traffic that goes from me, a
German citizen in Germany, to a server of a German company in Germany
(i.e. outside their jurisdiction). I expect Mozilla to take technical
countermeasures against this (i.e. yank the root). With a "LI using
certs is OK" approach, Mozilla could only watch as their users get
pwned. (The CA just complied with the law, the government is the one
exceeding their jurisdiction.)
> And if the CA loses in the legal system in its own jurisdiction, having
> fought all the way, that still should be the end of its business?
Yes. If a CA is unable to do its job, i.e. correctly certify identity
without misrepresenting it, no matter the reason, then the CA is unable
to be a CA.
Also, I have pointed out that this is kind of a self-fulfilling
prophecy: If we tolerate CAs misissuing certificates for "lawful
intercept" after they fought it in court, it becomes much more probable
that they will be compelled. If we make clear that misissuing means the
CA is gone, the CA has a much better chance to fend it off. Politicians are
also less likely to enact laws that would mean that CAs could not
operate in their jurisdiction, since that would not achieve their aim
(get LI certificates) but simply drive companies out of the country.
> The fact that the CA faces being destroyed doesn't change the legal
> situation about whether this can be done legally or not.
I am not a lawyer, but I am pretty sure that in Germany, the
constitutional court would rule a law that would force the CA to face
destruction unconstitutional, while the same law would be OK if the CA
would not face destruction. Also, I think that regular courts would rule
any demand that would risk the destruction of the company unreasonable,
while the same demand that would not bear this risk may be considered
reasonable.
If you look at
https://www.eff.org/files/colour_map_of_CAs.pdf, Germany
may not have that many root CAs, but it certainly has a lot of CAs.
Even if a CA can be compelled, I think that in most jurisdictions, the
government would be liable to cover the costs/damages of the CA. If that
cost is the total revenue of the company, the government might think
twice before attempting to compel the CA.
> The fact that the CA faces being destroyed doesn't change the legal
> situation about whether this can be done legally or not.
Even assuming this is true (which I am not sure about, as explained
above), it does make a practical difference:
Without strong deterrents ("if you do this, your CA is gone"), companies
are much more likely not to contest attempts to compel them. Without a
deterrent, they have to choose between simply doing what the government
says, with no real risk to their business, or contesting it, which will
cost them a lot of lawyer fees. With such a deterrent in place, they
will be motivated to fight for their life. Knowing that, the government
will also be less likely to attempt to compel them, since it is less
likely to succeed quickly.
It also motivates CAs to protect themselves from compelled requests.
Companies move around countries to evade taxes all the time, they will
be willing to create appropriate legal entities (and move their HSM if
necessary) when provided with the correct motivation. It's not like they
have to move their entire office and operations, just enough stuff so
the remainder of the company is technically and/or legally unable to
comply with any compelled requests.
[Group deciding which CAs should be trusted]
> How would you choose such a group?
Most probably, Mozilla would appoint the members. I don't know what
Mozilla's regular decision-making process looks like, but I assume
neither the process nor the people involved are optimal for making lots
of trust decisions about individual CAs.
> This sounds a lot like "trial in the court of public opinion" to me,
It probably is. While a strict policy-based approach may be considered
"fairer", it is nearly impossible to formalize trust, and this is a
decision about trust.
Kind regards,