
Suspend the trust bits


Paul C. Bryan

Dec 23, 2008, 4:55:14 PM12/23/08
Presumably it was Comodo that underwent an audit to be added to
Mozilla's roots, and Comodo should not be allowed to delegate trust to
their resellers for domain validation. If, today, trust is delegated
to their resellers, then we can't trust Comodo, period.

Although disruptive, their trust bits should be suspended. The
explanation to users: "The CA purporting to provide assurance about
the site you are trying to visit cannot be trusted. Please contact the
site operator and advise them to find a trustworthy certification
authority."

Yes, perception is that Mozilla releases code expressly to "break"
access to legitimate sites, but this is because a trusted CA has gone
rogue. Users can still jump through hoops to expressly include the
site's certificate and keep going.

The trust model for browsers should be fail-safe, even if this
inconveniences users. Better that than me and countless others
inadvertently exposing my credentials to a site pretending to be my
bank, investment house, government revenue agency, etc.

If Mozilla doesn't pull the trust bits, what's its accountability for
any breaches that occur due to keeping the bits? With assurance must
come liability, whether from the certification authority, or those who
are implicitly trusted with vetting them.

Paul C. Bryan

Dec 23, 2008, 5:03:33 PM12/23/08
(sorry, meant to post this in the thread -- posting there -- disregard
this thread)

Florian Weimer

Dec 27, 2008, 10:52:41 AM12/27/08
to mozilla's crypto code discussion list
* Paul C. Bryan:

> Presumably it was Comodo that underwent an audit to be added to
> Mozilla's roots, and Comodo should not be allowed to delegate trust to
> their resellers for domain validation. If, today, trust is delegated
> to their resellers, then we can't trust Comodo, period.

Many of the historic root CAs have a forest of sub-CAs and RAs which
are totally undocumented. By your argument, they should be removed as
well.

Mozilla started to require CPS for sub-CAs only recently. I don't
know if this is part of a larger effort to clean up this mess, or was
some sort of an ad-hoc decision to make things hard for a
particular CA to get added to the root CA list.

Personally, I don't care that much about the root CA list because it's
quite clear to me that browsing security does not rely on it.
However, if Mozilla went EV-only (which is probably what's favored by
some CAs), many users would be warned about sites which are perfectly
safe to use. Those operators who wanted to avoid the confusion would
have to pay higher road tolls for no real security gains.
