Arshad Noor wrote:
Has the Mozilla Foundation considered using a self-audit in the form of
a Jurat? There are some advantages to doing so for the CA operator, as
well as for the MF.
To those unfamiliar with the term, a Jurat is any document where the
signer swears to the veracity of its contents, signs the document in
front of a licensed Notary Public (NP) and has the NP sign & stamp the
document. (While this is true of most states in the US, I can only
speak for California).
Once the Jurat is signed by the NP, it is a legal document. Any signer
who knowingly signs the document while swearing to false information in
it has committed a felony per California law. The Relying Party (MF in
this case) now has a hold on the signer that goes beyond even a WebTrust
audit - the threat of sending the signer to jail if the Jurat has false
information in it.
Advantages to the CA operator?
1) They don't need to divulge details of the operation to anyone
outside the company;
2) They know their PKI better than anyone else, and can perform
the audit rapidly;
3) There is no audit cost other than the time spent writing the
self audit and the NP's fee (less than US $25 if you go to the
NP's office);
Advantages to MF?
1) A legal document that carries the weight of civil law behind it
(and the threat of jail to offenders);
2) No need to authorize auditors if CA operators are willing to
perform self-audits and submit the documentation in the form of
a Jurat;
3) With a slightly modified architecture to Mozilla, it could even
lead to some interesting revenue opportunities for MF, allowing
it to fund future development and some vexing security problems
on the Internet.
There are some problems with this concept.
A jurat executed outside of the U.S. by a CA (certificate authority)
operating entirely outside of the U.S. might not be enforceable in U.S.
courts. It might not be enforceable to the extent indicated above in
the courts where the CA operates by a U.S. plaintiff; instead, there
might be only civil penalties for falsely swearing a jurat and no
criminal penalty.
A CA is expected to operate in a manner that does not injure the public.
Providing a criminal remedy against a rogue CA gives little
satisfaction to those suffering financial loss if they cannot recover
the money. A CA that falsely swears a jurat to have its root
certificate included in a browser so that fraud or other crimes can then
be committed will likely leave little to be found for restitution.
In the end, the issue is trust. The public is asked to trust the CA and
the subscriber certificates the CA signs. The first two advantages
listed for the CA above do not inspire trust. Trust is created by the
public exposure of the details of how the CA operates; this is required
by the WebTrust audit criteria. Further, trust is enhanced if a third
party looks at the CA operations because (as I learned during my career
as an independent software test engineer) the "owner" of a process,
system, or enterprise too often is blind to defects.
By the way, in California, falsely executing a declaration being
notarized is the crime of perjury. Perjury is a crime that stands
alone, neither a felony nor a misdemeanor. The penalty is that of a
minor felony, 2-4 years in a state prison. (However, I once heard that
perjury in a capital crime -- where the person falsely convicted is
executed -- is itself a capital crime.) A notary who actively helps
someone else commit perjury has committed a felony.
--
David E. Ross
<http://www.rossde.com/>
Concerned about someone (e.g., Pres. Bush) snooping
into your E-mail? Use PGP.
See my <http://www.rossde.com/PGP/>
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto