Intermediates are not independent CAs. That is a myth that EFF has
unfortunately chosen to publicize for their own political ends.
The point of having an intermediate is that it makes it possible to use the
path chain as part of the authorization mechanism. So for example, let us
say that you have chains:
AliceCA -> BobCorpCA ->
smtp.BobCorp.com #1
AliceCA -> BobCorpCA ->
smtp.BobCorp.com #2
AliceCA -> BobCorpCA ->
imap.BobCorp.com #3
An SMTP client could in theory be configured to require the TLS connection
to the mail servers to chain through BobCorpCA.
That is the theory at least. And I have sold a lot of PKI on that theory.
After I stopped selling them customers came and pointed out to me that it
is much less use than you would hope because the intermediate is typically
a short lived cert that you have to roll at least as often as the CA cert.
What you really want to be able to do in the mail client is to tie to a
root of trust you control as an enterprise. This is one of the things I am
trying to support in the Mathematical Mesh where we use fingerprints of
keys as roots of trust.
On Tue, May 31, 2016 at 12:59 PM, Nick Lamb <
tiala...@gmail.com> wrote:
> On Tuesday, 31 May 2016 16:19:24 UTC+1, Eric Mill wrote:
> So far as I've seen there's every reason to believe this only became news
> at all because Symantec finally disclosed the existence of this certificate
> earlier in May, and so it was added to the CT logs. Without the carrot +
> stick approach which has been taken for disclosure of intermediates, this
> CA cert would still exist (it was created nine months or so ago) but it
> wouldn't be known, so it wouldn't be news.
>
> If the message sent is "once you disclose an intermediate you'll get
> beaten up for that" there's a powerful disincentive to disclose at all.
> There's plenty of hysteria about this cert based on who it was issued to,
> which is funny because the best example of real trust ecosystem risk we
> have recently is from the Disney subCA [quietly revoked by its issuer when
> it ceased obeying the BRs...], yet I saw precisely zero people freaked out
> that Disney had an unconstrained intermediate when that information was
> first public.
>
> That said, so far as I understand the Mozilla requirement is actually that
> such intermediates be disclosed _and audited_. The present disclosure from
> Symantec asserts that this intermediate is covered by the same audit as for
> all their other intermediates, but the certificate was actually issued
> _long after_ the period that audit covers, so this assertion by Symantec is
> nonsense. We need to get CAs to be honest with us. If the situation is that
> you've got no audit coverage for an intermediate, you need to _fix_ that,
> not just pretend it's covered by an audit report that doesn't even mention
> the intermediate and was written months before it existed.