Comments: Musing on the CA debate: ICANN, NTK, Firefox and the devaluation of Trust (tm)!

TBH I don't see the big deal here. Yeah, VeriSign, if ordered to, could produce a dodgy cert that allows a man-in-the-middle attack on a site if traffic is routed to the dodgy-cert box before going to the real site.
However, it could *still* do that even if it was just VeriSign. So could Thawte, so could ANY widely-accepted root CA. It's a feature of the HTTPS (X.509, whatever) certificate scheme.

Further, it is possible to create an HTTPS proxy, capable of seeing every transaction to anywhere - in fact, a commercial product exists which does this. The prerequisite is that it can generate such a certificate "on the fly" for any website, and convince the browser to accept it. In the commercial product, this is achieved by rolling out the proxy's own certificate to all corporate browsers so that it becomes an extra CA. However, a sub-CA cert signed by any of the big names (again, VeriSign, Thawte, whatever) could do exactly the same thing transparently to the end user.

Posted by DaveHowe at February 8, 2005 10:51 PM

Oh, it has always been able to do this. That's the whole point of the TTP.

The Trusted Third Party concept is that the TTP is capable of doing this, but is trusted _not_ to do this. So you could say, well, the TTP can do it, whatever, in which case, we don't need the TTP any more. We can save ourselves the money on those certs, because the guarantee that is implied is no longer there, in which case we may as well do our own TTP roles. Or, at least that's what the original designers are likely to say when asked, I think.

But, the nub of the issue here is deeper. How do we set things up so that the TTP never ever breaches the trust implied in the term "trusted third party"? Well, the accounting trade has a thing called governance, and one of the elements of this is called a conflict of interest, which basically states that the entity in question should have no interest in doing that which we don't want it to do.

VeriSign have an interest in doing this act, and so have broken the governance model. That's a key protection, gone right there. So, if this is no big deal, then certs aren't either.

Your call?

Posted by Iang at February 8, 2005 11:09 PM