Eddy Nigg (StartCom Ltd.) wrote:
> So it would be fine with you, if you've received a signed document or 
> email (even encrypted) and you are going to trust your VISA and other 
> personal data to a spoofed email or web site, issued by such a Blackbox 
> CA? 

It wouldn't be fine with me; my point is that (speaking as the Mozilla 
Project) it's Not Our Problem. When the customer finds out there's a 
problem, he should revoke his cert, and our products should honour the 
revocation - just as for any compromised cert. (If we don't honour the 
revocation, that's a separate problem.) That's what happens when certs 
are compromised.

> Is it really, really only the problem of the customer?
> 
> So let's play with it a little bit:

You don't need to invent a long scenario. Simply: disgruntled bank 
employee steals private key and, using it, steals customer data. How is 
this different to them stealing the private key for the bank's email 
signing cert? Or web server cert?

The point is, it's not the problem of the Mozilla Foundation to make 
sure that the First International Bank of Thailand has good security, as 
long as any breaches of it can only affect the FIBOT and its customers.

If I'm a customer of FIBOT and I get scammed because of something they 
did, I change bank and tell all my friends to do the same. That's how a 
marketplace works.

> The issuing CA doesn't take any responsibility, because they acted 
> perfectly according to their own policies. They never promised auditing 
> of the systems and customers in the first place. The bank of Thailand has 
> its "Kitchen Sink CA" suspended, the IT manager fired, but Frank and 
> Gerv have no way to prove that their privacy was invaded and that they 
> potentially lost some money because of the bank's actions. Also the bank 
> has much better lawyers, so Frank and Gerv never recover the damage.

Yeah, life sucks, doesn't it?

All of your scenario could still happen if we forced the CA to make the 
FIBOT sign some contract about keeping their key safe. Just because 
there's a contract doesn't mean the FIBOT would keep to it; even if they 
did, that doesn't mean that no insider has a copy of the private key.

>> The point is that their security destiny is in their own hands.
> No, not at all! It's _your_ security in _their_ hands - because you rely 
> on it. Also note that the CA is as strong as its weakest link. NSS and 
> the software which makes use of it are as weak as their weakest CA.

I only agree that this is true for root certificates.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
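Added example, not part of the thread and not code from Mozilla or NSS: a shell script using the openssl CLI that builds a toy three-tier chain (root, a subordinate "Kitchen Sink CA" run by the bank, a server certificate the bank issued) and shows what Gerv's "honour the revocation" point means in practice. Once the root places the subordinate CA's certificate on its CRL, every certificate that sub-CA issued stops validating for a relying party that checks revocation, without anyone else's trust being affected. All names (Example Root CA, FIBOT Kitchen Sink CA, online.fibot.example), keys and CRLs are constructed for the demo; it needs only a POSIX shell and openssl 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): revoking a compromised subordinate CA's
# certificate in the root's CRL cuts off everything that sub-CA issued.
# Every name, key and certificate below is constructed for this demo.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Minimal OpenSSL config: cert extensions plus the two "openssl ca" sections
# needed for -revoke and -gencrl (no certificate issuance goes through "ca").
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_leaf ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
[ root_ca ]
database = root_index.txt
crlnumber = root_crlnumber
certificate = root.crt
private_key = root.key
default_md = sha256
default_crl_days = 30
[ sub_ca ]
database = sub_index.txt
crlnumber = sub_crlnumber
certificate = sub.crt
private_key = sub.key
default_md = sha256
default_crl_days = 30
EOF

# Root CA: the trust anchor a browser would ship.
openssl req -x509 -new -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
  -days 30 -subj "/CN=Example Root CA" -config ca.cnf -extensions v3_ca 2>/dev/null

# Subordinate CA operated by the bank (the thread's "Kitchen Sink CA").
openssl req -new -newkey rsa:2048 -nodes -keyout sub.key -out sub.csr \
  -subj "/CN=FIBOT Kitchen Sink CA" -config ca.cnf 2>/dev/null
openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -out sub.crt -days 30 -extfile ca.cnf -extensions v3_ca 2>/dev/null

# End-entity certificate the bank issued for its customer-facing site.
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
  -subj "/CN=online.fibot.example" -config ca.cnf 2>/dev/null
openssl x509 -req -in leaf.csr -CA sub.crt -CAkey sub.key -CAcreateserial \
  -out leaf.crt -days 30 -extfile ca.cnf -extensions v3_leaf 2>/dev/null

# Both CAs publish a CRL; -crl_check_all needs one per issuer in the chain.
touch root_index.txt sub_index.txt
echo 01 > root_crlnumber
echo 01 > sub_crlnumber
gen_crl() { openssl ca -config ca.cnf -name "$1" -gencrl -out "$2" 2>/dev/null; }
gen_crl root_ca root.crl
gen_crl sub_ca sub.crl
cat root.crl sub.crl > clean.crl      # bundle with nothing revoked

# The sub-CA key leaks (the insider scenario): the root revokes the sub-CA cert.
openssl ca -config ca.cnf -name root_ca -revoke sub.crt 2>/dev/null
gen_crl root_ca root.crl
cat root.crl sub.crl > revoked.crl    # bundle carrying the revocation

# Validate the leaf against the root with full-chain CRL checking.
# Echoes "OK" or the first verify error reason; always exits 0 so the
# caller can compare the result.
verify_chain() {
  if out=$(openssl verify -crl_check_all -CAfile root.crt -CRLfile "$1" \
             -untrusted sub.crt leaf.crt 2>&1); then
    echo OK
  else
    echo "$out" | sed -n 's/.*depth lookup: *//p' | head -n 1
  fi
}

echo "before revocation: $(verify_chain clean.crl)"
echo "after revocation:  $(verify_chain revoked.crl)"
```

The second verify fails at depth 1 (the sub-CA certificate), not at the leaf: the relying party never needs a CRL entry for each server certificate the bank issued, because the root's revocation of the intermediate invalidates the whole branch. A client that skips CRL or OCSP checking would keep accepting leaf.crt, which is the "separate problem" the reply alludes to.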
