On 22/1/09 00:45, Nelson B Bolyard wrote:
> Eddy Nigg wrote, On 2009-01-21 15:25:
>> On 01/22/2009 01:07 AM, Nelson B Bolyard:
>>> Yes, but some of the CAs were emphatic that they would not revoke the
>>> certs unless their customers requested them to do so. As I understand it,
>>> basically they said that their agreement with their customer did not allow
>>> them to revoke the cert without the customer's permission, unless they were
>>> presented with evidence of an actual attack/compromise of the site whose
>>> cert was affected. I did not like that position, but they were adamant.
>> Isn't the publishing of the private key enough evidence for compromise?
>> At least it got us and some others to revoke all weak keys.
> IMO, yes, it is enough evidence. But the position of those CAs, as I
> understand it, is that such publication is only a potential compromise.

lol... right. I had exactly this argument over at CAcert, when I said
the old roots were compromised because there was no doco or history that
said that they were secure [1]. They said "compromised == evidence of
breach" and I said "compromised == no evidence of security."

Semantics matter a lot. Does anyone have a definition of the word
"compromise"?

> They require evidence that the published key is actually being used to
> attack the site. Otherwise, their customer agreement does not let them
> revoke the certs. I don't think that's an honorable position for a CA
> to be in, but that's just my opinion.

I can see their point of view; it does rather strike me as a question
about business, not anything else. They are taking on the liability
(aren't they?) for that site, so why can't they run the risk?
That's what the contracts are for, no? Or is your point that you don't
trust the contracts?

iang

[1] this is a published squabble, somewhere or other, and was resolved
in 2007 by a board decision to make new roots.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto