Fwd: Re: Has any public CA ever had their certificate revoked?
Bill Frantz
====== Forwarded Message ======
Date: 5/5/09 4:11 PM
Received: 5/5/09 11:26 AM -0400
From: pgu...@cs.auckland.ac.nz (Peter Gutmann)
To: d...@geer.org, thierry...@connotech.com
CC: crypto...@metzdowd.com, pgu...@cs.auckland.ac.nz
Thierry Moreau <thierry...@connotech.com> writes:
>Now that the main question is answered, there are sub-questions to be asked:
>
>1. Has any public CA ever encountered a situation where a revocation would
>have been necessary?
Yes, several times, see e.g. the recent mozilla.org fiasco, as a result of
which nothing happened because it would have been politically inexpedient to
revoke the CA's cert.
>1.1 Has any public CA ever had a disgrunted employee with too many privileges
>not revoked on a timely manner?
Yes.
>1.2 Has any public CA ever experienced a corporate reorganization where a
>backup HSM has been lost?
Not explicitly lost, but sold on eBay (depending on what your definition of
"public CA" is, probably more "large private-label CA", once the PKI project
is scrapped no-one really cares what happens to the hardware, so just as you
can buy hard drives full of financial records on eBay you can also buy HSMs
loaded with CA keys. Unfortunately I'm still waiting for a browser root CA
key to turn up in one :-).
>2. Has any public CA ever suspected a situation where a revocation would have
>been necessary?
Yes, see above.
>2.1 Has any public CA ever had an audit that identified mismanagement of
>signature private key over some extended period of time?
Again, what's "mismanagement"? Would "CA went bankrupt and ex-employees
issued themselves certs in lieu of severance pay" count? Or "CA went bankrupt
and there was no-one left to manage the keys, including issuing CRLs for
revoked certs" count? Or ...
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majo...@metzdowd.com
====== End Forwarded Message ======
---------------------------------------------------------------------------
Bill Frantz |"After all, if the conventional wisdom was working, the
408-356-8506 | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't it?" -- Marcus Ranum
Chris Hibbert
> Food for those feeling paranoia about PKI.
a message from Peter Gutmann, responding to Thierry Moreau on CERT
management issues.
There were several positive reports that bad things had happened, but
few specifics. Does anyone know of a repository for discussions of such
things? Does Wikipedia have some reports? Or Risks? or anywhere else
that you know of? The list of yeses is interesting, but without
specifics, it's hard for me to cite.
My vague memory includes a case where the major root-level CA (based in
South Africa?) went bankrupt, and their assets were sold to the highest
bidder, but I don't remember their name.
Chris
> ====== Forwarded Message ======
> Date: 5/5/09 4:11 PM
> Received: 5/5/09 11:26 AM -0400
> From: pgu...@cs.auckland.ac.nz (Peter Gutmann)
> To: d...@geer.org, thierry...@connotech.com
> CC: crypto...@metzdowd.com, pgu...@cs.auckland.ac.nz
>
> Thierry Moreau <thierry...@connotech.com> writes:
>
>> >Now that the main question is answered, there are sub-questions to be asked:
>> >
>> >1. Has any public CA ever encountered a situation where a revocation would
>> >have been necessary?
>
> Yes, several times, see e.g. the recent mozilla.org fiasco, as a result of
> which nothing happened because it would have been politically inexpedient to
> revoke the CA's cert.
--
protecting privacy in the computer age is
like trying to change a tire on a moving car.
--Colin Bennett
Chris Hibbert
hib...@mydruthers.com
Bill Frantz
>
>It looked like Bill forwarded
>> Food for those feeling paranoia about PKI.
>
>a message from Peter Gutmann, responding to Thierry Moreau on CERT
>management issues.
>
>There were several positive reports that bad things had happened, but
>few specifics. Does anyone know of a repository for discussions of such
>things? Does Wikipedia have some reports? Or Risks? or anywhere else
>that you know of? The list of yeses is interesting, but without
>specifics, it's hard for me to cite.
I don't know of any place where these issues are discussed. Since I
forwarded Peter's email, the following messages have been posted (most
recent first). (Redundant quotes of previous messages removed.) I would
suggest asking the message authors for more details.
Bill
====== Forwarded Message ======
Date: 5/5/09 1:01 PM
Received: 5/5/09 4:53 PM -0400
From: thierry...@connotech.com (Thierry Moreau)
To: paul.h...@vpnc.org (Paul Hoffman)
CC: pgu...@cs.auckland.ac.nz (Peter Gutmann), d...@geer.org, crypto...@metzdowd.com
...
Before the collapse of the .com market in year 2000, there were
grandiose views of "global PKIs," even with support by digital signature
laws.
Actually, it turned out that CA liability avoidance was the golden rule
at the law and business model abstraction level. Bradford Biddle
published a couple of articles on this topic, e.g. in the San Diego Law
Review, Vol 34, No 3.
The main lesson (validated after the PKI re-birth post-2002) is that no
entity will ever position itself as a commercially viable global CA
unless totally devoid of liability towards relying parties.
Thus no punishment is conceivable beyond the Peter's opinions (they are
protected by Freedom of speech at least). That was predicted by the Brad
Biddle analysis 12 years ago.
Regards,
--
- Thierry Moreau
====== End Forwarded Message ======
====== Forwarded Message ======
Date: 5/5/09 10:17 AM
Received: 5/5/09 4:52 PM -0400
From: paul.h...@vpnc.org (Paul Hoffman)
To: pgu...@cs.auckland.ac.nz (Peter Gutmann), d...@geer.org, thierry...@connotech.com
CC: crypto...@metzdowd.com
...
Peter, you really need more detents on the knob for your hyperbole setting. "nothing happened" is flat-out wrong: the CA fixed the problem and researched all related problems that it could find. Perhaps you meant "the CA was not punished": that would be correct in this case.
This leads to the question: if a CA in a trust anchor pile does something wrong (terribly wrong, in this case) and fixes it, should they be punished? If you say "yes", you should be ready to answer "who will benefit from the punishment" and "in what way should the CA be punished". (You don't have to answer these, of course: you can just mete out punishment because it makes you feel good and powerful. There is lots of history of that.)
--Paul Hoffman, Director
--VPN Consortium
====== End Forwarded Message ======
>
>My vague memory includes a case where the major root-level CA (based in
>South Africa?) went bankrupt, and their assets were sold to the highest
>bidder, but I don't remember their name.
>
>Chris
>
>> ====== Forwarded Message ======
>> Date: 5/5/09 4:11 PM
>> Received: 5/5/09 11:26 AM -0400
>> From: pgu...@cs.auckland.ac.nz (Peter Gutmann)
>> To: d...@geer.org, thierry...@connotech.com
>> CC: crypto...@metzdowd.com, pgu...@cs.auckland.ac.nz
>>
>> Thierry Moreau <thierry...@connotech.com> writes:
>>
>>> >Now that the main question is answered, there are sub-questions to be asked:
>>> >
>>> >1. Has any public CA ever encountered a situation where a revocation would
>>> >have been necessary?
>>
>> Yes, several times, see e.g. the recent mozilla.org fiasco, as a result of
>> which nothing happened because it would have been politically inexpedient to
>> revoke the CA's cert.
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majo...@metzdowd.com
-------------------------------------------------------------------------
Bill Frantz | Airline peanut bag: "Produced | Periwinkle
(408)356-8506 | in a facility that processes | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032