I'd like to take a moment to point out that determining the beneficial ownership of businesses of various sorts (including CAs) can, in quite a number of jurisdictions, be difficult to impossible (short of initiating adverse legal proceedings).
What does this mean for Mozilla's trusted root program, or any other root program for that matter? I submit that it means that one rarely knows with certainty the nature and extent of ownership and control over a given business. This is especially true when you start divorcing equity interest from right of control. (Famous example: Zuckerberg's overall ownership of Facebook is noted at less than 30% of the company, yet he ultimately has personal control of more than 70% of the voting rights over the company; the end result is that he can ultimately control the company and its operations in virtually any respect.) A number of jurisdictions allow for the creation of trusts, etc., for which the ownership and control information is not made public. Several of those, in turn, can each be owners of an otherwise normal-looking LLC in an innocuous jurisdiction elsewhere, each holding, say, 10% equity and voting rights. Say there are 6 of those. Well, all six of them can ultimately be proxies for the same hidden partner or entity. And that partner/entity would secretly be in full control. Without insider help, it would be very difficult to determine who that hidden party is.

Having said all of this, I do have a point relevant to the current case. Any entity already operating a WebPKI trusted-root-signed SubCA should be presumed to have all the access to the professionals and capital needed to create a new CA operation with cleverly obscured ownership and corporate governance. You probably cannot "fix" this via any mechanism. In a sense, the fact that DarkMatter isn't trying to create a new CA out of the blue, operated and controlled by them or their ultimate ownership, but rather is being transparent about who they are, is interesting. One presumes they would expect to get caught at misissuance.
The record of noncompliance and misissuance bugs created, investigated, and resolved one way or another demonstrates quite clearly that over the history of the program a non-compliant CA has never been more likely to get caught and dealt with than they are today.

I believe the root programs should require a list of human names with verifiable identities and corresponding signed declarations of all management and technical staff with privileged access to keys or the ability to process signing transactions outside the normal flow. Each of those people should agree to a life-long ban from trusted CAs should they be shown to take intentional action to produce certificates which would violate the rules, lead to MITM, etc. Those people should get a free pass if they blow the whistle immediately upon being forced, or ideally immediately beforehand as they hand privilege and control to someone else. While it is unreasonable to expect to be able to track beneficial ownership, formal commitments from the entity and the individuals involved in day-to-day management and operations would lead to a strong assertion of accountable individuals whose cooperation would be required in order to create/provide a bad certificate. And those individuals could have "skin in the game" -- the threat of never again being able to work for any CA that wants to remain in the trusted root programs.

All of Google, Amazon, and Microsoft are in the program. All of these have or had significant business with at least the US DOD and have a significant core of managing executives as well as operations staff and assets in the United States. As such, it is beyond dispute that each of these is subordinate to the laws and demands of the US Government. Still, none of these stand accused of using their publicly trusted root CAs to issue certificates to a nefarious end. It seems that no one can demonstrate that DarkMatter has or would either. If so, no one has provided any evidence of that here.
It's beyond dispute that Mozilla's trusted root program rules allow for discretionary exclusion of a participant without cause. As far as I'm aware, that hasn't been relied upon as yet. For technologists and logicians, it should rankle that it might be necessary to rely upon such a provision in order to keep DarkMatter out. In my mind, it actually calls into question whether they should be kept out. As Digicert's representative has already pointed out, the only BR compliance matter even suggested at this point is the bits-of-entropy-in-serial-number issue, and others have been given a pass on that. While I suppose you could call this exclusionary and sufficient to prevent the addition, it would normally be possible for them to create new key pairs and an issuance hierarchy and start again with an inclusion request for those, avoiding that concern in round 2.

I think the knee-jerk reaction against this inclusion request ignores a fundamental truth: by way of the QuoVadis-signed SubCA, DarkMatter is and has been operating a publicly trusted CA in the WebPKI for some time now. What changes when they're directly included that increases the risk above and beyond the presently accepted risk?

I strongly urge that the program contemplate that in the best-case scenario they don't and can't know the true beneficial ownership of the various CAs and the map of the relationships of those beneficial owners to other questionable entities. And following that line of thinking, that the program presuppose that the ownership and governance/control is vested in the most corruptible, evil people/groups imaginable and structure the management of trust of CAs in a framework that assumes and accounts for as much.

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

