RSA getting rid of trusted third parties?

Ian Clelland ian at veryfresh.com
Fri Jun 21 17:59:31 EDT 2002


On Fri, Jun 21, 2002 at 02:54:25PM -0500, Michael_Heyman at NAI.com wrote:
> Maybe I am reading more into it than exists but the bullet in the document
> says it will:
> 
>   Reduce help desk calls from end-users related to "untrusted" 
>   certificates

It makes sense, though, that a company should be able to issue 
certificates for servers belonging to various departments within the 
company. The organisation knows its own internals far better than RSA 
does. Why should RSA/Verisign/whoever be responsible for signing such 
certificates? I see no benefit to having such a wide, flat web of trust.

What root CAs are good at, and what they should be doing, is 
authenticating the organisation itself. They can verify that the 
organisation exists as described, and that the private key really is 
controlled by someone authorised within that organisation. This makes 
them fairly well suited to handing out certificates for the public face 
of the organisation.

The high cost of this process, though, means that organisations tend to 
have very few secure servers, and if they need to secure any machines 
for internal use, they're not going to ask a root CA to do it; they'll 
just make one and sign it themselves, and probably put a note on the 
page which says, "We know that your browser will claim this cert is 
invalid; just accept it anyway."

This sort of practice is what leads to all of the help-desk calls, and 
is probably more damaging to PKI, ultimately, than letting RSA issue a 
certificate which says, "The owner of this certificate is trusted to 
sign certificates within the organisation XYZ".

If the alternative is to have people conditioned to simply click 
"Proceed" whenever they see an unrecognised signer, I'd much rather 
have this system.

> That and the other language lead me to believe they have a trusted root
> already loaded in my browser that they let anybody authenticate to that is
> willing to buy their certificate authority software and that my browser will
> think those certificates are fine.

They already have such a root certificate in your browser. Nowhere in 
the press release do they say that they will let anyone and everyone 
get the CA software and start signing certificates for every site and 
its dog.

> I just hope that none of the private keys of all these (many probably 
> unsecured) CAs leak.

This shouldn't be a problem, as long as the signing certificate can 
only be used to sign certificates within that organisation. In that 
case, if one does get compromised, then that company has a major PR 
problem, but it's not the end of the world for everyone else. They 
should have taken better care of the keys.

My whole argument, of course, rests on the assumption that these 
certificates can be restricted in this way. I don't know enough about 
the format of X.509 certs to say for sure that this is true. Someone on 
this list must, though.

Ian Clelland
<ian at veryfresh.com>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
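
The restriction the message asks about exists in X.509 v3 as the Name Constraints extension (RFC 5280, section 4.2.1.10), which a CA certificate can carry to limit the names that certificates issued beneath it may contain. The following is an added example, not part of the original post: a Python implementation of the dNSName matching rule a validator applies, where the function names, subtrees and host names are all constructed for illustration.

```python
# Added illustration: RFC 5280 section 4.2.1.10 name-constraint matching for
# dNSName entries only. Real validators also handle other name types and
# apply the constraints of every CA certificate in the chain.

def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def in_subtree(name, subtree):
    """True if `name` equals `subtree` or adds whole labels to its left."""
    n, s = _labels(name), _labels(subtree)
    return len(n) >= len(s) and n[len(n) - len(s):] == s

def dns_name_allowed(name, permitted, excluded):
    """Apply permitted/excluded dNSName subtrees; exclusion always wins."""
    if any(in_subtree(name, e) for e in excluded):
        return False
    # An empty permitted list places no restriction on dNSName.
    return not permitted or any(in_subtree(name, p) for p in permitted)

def check_leaf(san_dns_names, permitted, excluded):
    """Return the names that violate the constraints (empty list = acceptable)."""
    return [n for n in san_dns_names
            if not dns_name_allowed(n, permitted, excluded)]

# Constructed sample: a sub-CA for "organisation XYZ", constrained by its issuer.
PERMITTED = ["xyz.example"]
EXCLUDED = ["payments.xyz.example"]

# Constructed leaf certificates: label -> dNSName entries in subjectAltName.
SAMPLE_LEAVES = {
    "internal wiki": ["wiki.hr.xyz.example"],
    "apex": ["XYZ.example."],
    "lookalike suffix": ["notxyz.example"],
    "other organisation": ["www.bank.example"],
    "excluded subtree": ["gw.payments.xyz.example"],
    "mixed SAN list": ["mail.xyz.example", "www.bank.example"],
}

def evaluate_samples():
    """Map each sample label to the list of names that break the constraints."""
    return {label: check_leaf(names, PERMITTED, EXCLUDED)
            for label, names in SAMPLE_LEAVES.items()}

if __name__ == "__main__":
    for label, bad in evaluate_samples().items():
        print(f"{label:20} {'REJECT ' + ', '.join(bad) if bad else 'accept'}")
```

The containment argument in the message holds only when the extension is marked critical and the relying party's validator actually enforces it; a client that ignores name constraints treats the subordinate CA as unrestricted.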


