The Magic of X.509 Certification (was Re: Property Rights in Keys)

Perry E. Metzger perry at piermont.com
Fri Feb 13 17:09:27 EST 2009 

Florian Weimer <fw at deneb.enyo.de> writes:
> 4) It can't be trademarked because the company named in the DN is long
>    gone
>
> (It's quite strange that so many of the browser root certs use DNs
> which aren't correct anymore.)

It isn't strange -- it is part of the fairly frightening ecology we've
developed.

Lets remember briefly how we got here...

1) Netscape wanted to deploy SSL
2) ...but to do that, they needed some way of getting people trust
   anchors for the certificate system...
3) ...and lacking time for any sort of real protocol, the easy move
   was just building them in to the browser binaries...
4) ...and everyone else followed suit...
5) ...so now, being one of the magic CAs who's root certs are
   distributed with the commonly used browsers (IE, Safari, Firefox,
   Opera, etc.) is a license to print money.
6) ...as a result of which, lots of CAs have been bought, sold and
   traded around repeatedly.

This is all part and parcel of the problem that you can't *really*
trust the CAs terribly much. The security of your browser is, to a
large extent, dependent on the security practices of the least
diligent CA built in to your browser. (There are loads of other
problems too of course.)

It is particularly interesting to me how far we've come from the
original vision of X.509 -- indeed, a large fraction of our
infrastructure now uses X.500 DNs and X.509 certs in a manner totally
alien to the original vision for those technologies. There is no
global X.500 directory, there is no rigidly central global
certification hierarchy. The data formats have become a sort of mere
magical incantation -- almost no one involved has any any knowledge of
what any of it means, how it evolved, or what the real threats are.
To a scary extent, this includes people making critical security
decisions about the infrastructure.

With my moderator hat on, I'm not *too* interested in opening this up
again -- we've discussed it repeatedly in the past -- but I think a
reminder isn't a bad thing. I'll forward posts that have something
particularly new to say about the subject, or at least which say
something old in a particularly interesting way. :)

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list