Hello Gervase Markham wrote: > If you think they might do that, why might they not do it for other > domains your users use (e.g. their bank)? They might but I do not have direct control about that so I have to accept the risk or try to reduce it through other means. However I have direct control about our own certificates and client machines so I want to secure them as much as practically possible.
> Surely you either believe a CA is trustworthy to correctly issue > certificates for websites or it isn't? I definitely do not consider any CA to be absolutely trustworthy to issue all sort of certificates, but in a lot of cases where I have to deal with certificates of parties I do not have direct contact with, trusting a well-known CA is a good trade-off between security and ease of use since it isn't very practical to get all certificates directly from their owners. > Or are you concerned that a rogue employee at an otherwise honest CA > will have a particular wish to undermine your company and employees and > will cause a single bogus certificate to be issued as part of his > campaign to target you? It's not that I am particularly concerned that someone is attacking our company this way (though others may be), rather I would like to avoid introducing an additional and unnecessary risk by allowing CAs to interfere with internal company communications. The particular trade-off I described above is completely unneeded in internal communications because usually all employes and branch offices, etc. can get our certificates directly from the source. There is no need to introduce another party in the certification chain, in fact any other party inevitably reduces security. In the case of X.509 certificates as used in common SSL/TLS and S/MIME implementations however, we are not talking about a single unnecessary third party in our certificate chain (actually at the top of it) but a whole lot of them. This lot does make me worry even if I do not have reason to suspect that our company is being attacked using fake certificates right now. On one hand, I cannot estimate the risk of any employee at any CA being bought to issue fake certificates but considering the number of CAs I think this issue is not entirely academic. On the other hand, fixing this, at least for the simple case of internal communications, would be exceedingly simple, so simple that it really does not make sense not to do it (e.g. by static policies set at the client). It is probably also worth looking into how to reduce this sort of risk for external communications, as mentioned by Kyle Hamilton, but that is an entirely different issue which will need a lot more thought I guess. Regards, Balint Balogh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
