On 13/1/09 00:02, Nelson B Bolyard wrote:
> In chronological order,
> Julien wrote:
> > If you follow the KCM logic, you would have to give an application
> > warning, which is completely unwarranted under current standards.
> Ian G replied:
> > If the new cert is unauthentic, then it would cause some form of alert
> > that would be entirely warranted. Currently, a false cert will slip
> > through without any change.
> On 9/1/09 21:05, Julien R Pierre wrote:
> > For what definition of false ?
> Ian G wrote, On 2009-01-10 10:14:
> > Indeed a good question. Who do we ask?
> Ian, You chose the word "false" in your reply, quoted above.
> I believe Julien was asking YOU to clarify what YOU meant by that word.

Ah. Well, in that context, "false" meant, anything that slipped
through, so a circular definition. To be more linear:

  - a CA-signed cert that should not have been issued
  - a forged cert with an MD5 sig
  - a cert for a root that shouldn't be in the root list
  - a CA-signed cert issued to a real but bad company
  - a stolen but unrevoked/unexpired cert

could all be possible reasons.

The reason KCM would be interesting here is that it could be set to warn
when a cert for a different *CA* was seen. That would likely generate a
warning for most of the above (and deal with the "server-farm" nightmare).

The reason this works is because of lawsuits. If a VeryFine certificate
ends up being "false" and used against a VeryFine customer, then the
lawsuit is simple: all sue VeryFine. (Also, the control is much easier.)

If on the other hand, a false KoFuddy cert is used against a ComfoPro
customer, then who sues who? It is hard to sue KoFuddy, because there
is no standing. ComfoPro did nothing wrong, so it is pointless to sue
ComfoPro.

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
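
An added sketch of the CA-level continuity check described in the message above; it is not part of the original post and not NSS or Mozilla code. It assumes the client can reduce each observed certificate to an issuer identifier and a leaf identifier (for example, hashes of the issuing CA's key and of the leaf cert); the class, the function names and the sample observations are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HostRecord:
    issuer_id: str                              # identity of the CA first seen for this host
    leaf_ids: set = field(default_factory=set)  # leaf certs seen under that CA

class CaContinuityStore:
    """Remembers which CA issued each host's cert and flags a change of CA."""
    def __init__(self):
        self._hosts = {}

    @staticmethod
    def _norm(host):
        return host.lower().rstrip(".")         # treat "Shop.Example." as "shop.example"

    def observe(self, host, issuer_id, leaf_id):
        rec = self._hosts.get(self._norm(host))
        if rec is None:
            self._hosts[self._norm(host)] = HostRecord(issuer_id, {leaf_id})
            return "first-seen"
        if rec.issuer_id != issuer_id:
            # Different CA than before: warn and leave the stored record alone,
            # so repeating the same cert cannot silently replace the known CA.
            return "warn-ca-changed"
        if leaf_id not in rec.leaf_ids:
            # Same CA, different leaf: the server-farm case, no warning.
            rec.leaf_ids.add(leaf_id)
            return "new-leaf-same-ca"
        return "known"

    def accept_change(self, host, issuer_id, leaf_id):
        """Explicit user decision to trust the new CA for this host."""
        self._hosts[self._norm(host)] = HostRecord(issuer_id, {leaf_id})

# Constructed observations: (host, issuer identifier, leaf identifier).
SAMPLE = [
    ("shop.example", "VeryFine-CA", "leaf-A"),
    ("shop.example", "VeryFine-CA", "leaf-A"),
    ("Shop.Example.", "VeryFine-CA", "leaf-B"),   # another farm node, same CA
    ("shop.example", "KoFuddy-CA", "leaf-X"),     # cert from a different CA
    ("shop.example", "KoFuddy-CA", "leaf-X"),     # repeated: must still warn
    ("shop.example", "VeryFine-CA", "leaf-B"),
]

def run_demo():
    store = CaContinuityStore()
    return [store.observe(*obs) for obs in SAMPLE]

if __name__ == "__main__":
    for obs, verdict in zip(SAMPLE, run_demo()):
        print(obs, "->", verdict)
```

Keying the record on the issuer rather than the leaf is what lets farm nodes with different certs from the same CA pass quietly while a cert from any other CA raises the warning.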