browser vendors and CAs agreeing on high-assurance certificates

Ian G iang at systemics.com
Sat Dec 24 13:50:08 EST 2005


Ben Laurie wrote:
> Ian G wrote:

>>>>http://wiki.cacert.org/wiki/VhostTaskForce
>>
>>>>(The big problem of course is that you can use
>>>>one cert to describe many domains only if they
>>>>are the same administrative entity.)
>>>
>>>
>>>If they share an IP address (which they must, otherwise there's no
>>>problem), then they must share a webserver, which means they can share a
>>>cert, surely?
>>
>>Certainly they *can* share a cert.  But a cert
>>speaks to identity - at the human level the cert
>>is supposed to (by some readings) indicate who
>>the site is purporting to be and in some scenarios,
>>there are people who think the cert actually
>>proves that the site is who it claims to be.
>>
>>So regardless of the technical details of the
>>underlying software (complex, I grant), websites
>>SHOULD NOT share a cert.
> 
> 
> I don't see why not - the technical details actually matter. Since the
> servers will all share a socket, on any normal architecture, they'll all
> have access to everyone's private keys. So, what is gained by having
> separate certs?

1. Because the activity is being done "in the name
of" the site.  When a business "signs" or otherwise
represents a site as purporting to be in the name of
some business, we still want to do it in a way that
separates out that business from every other.

2. The system operator has access to the private
keys, yes, but he's just the agent, and this does
not mean that anyone else has access.  We have
systems in place to separate out the protection
of the keys from the rest of the business.

Most small businesses have some level of cooperation
where they share techies, systems, and other services,
so it is probably more seen and more useful in the
SOHO (small office home office) world.  Of course,
this is less interesting to the security world,
because there isn't the money to pay for consultants
there...

All the more reason why the software should provide
the best it can for free!

> I do agree that the process by which the additional names get added to
> the main cert needs to reflect ownership of the name, but that's a
> different matter.
> 
> And I'm not claiming, btw, that this mechanism is better than the server
> name extension. However, I don't believe it's as broken as some are claiming.

Well, sure.  For many uses it will be a useful
stopgap measure, until SNI is deployed.  It's
only broken if you like a binary world, and you
happen to fall on the zero side of the question.

iang

---------------------------------------------------------------------
The Cryptography Mailing List