Has any public CA ever had their certificate revoked?
Paul Hoffman
paul.hoffman at vpnc.org
Wed May 6 09:53:07 EDT 2009
At 1:02 AM +1200 5/7/09, Peter Gutmann wrote:
>Paul Hoffman <paul.hoffman at vpnc.org> writes:
>
>>Peter, you really need more detents on the knob for your hyperbole setting.
>>"nothing happened" is flat-out wrong: the CA fixed the problem and researched
>>all related problems that it could find. Perhaps you meant "the CA was not
>>punished": that would be correct in this case.
>
>What I meant was that there were no repercussions due to the CA acting
>negligently.
We agree fully, then.
>This is "nothing happened" as far as motivating CAs to exercise
>diligence is concerned, you can be as negligent as you like but as long as you
>look suitably embarrassed afterwards there are no repercussions (that is,
>there's no evidence that there was any exodus of customers from the CA, or any
>other CA that's done similar things in the past).
This assertion is probably, but unprovably, wrong. I suspect the CA now has better mechanisms in place to check for the problem in the future, and I suspect that a few other CAs seeing the kerfuffle probably added their own automated checks. Note that these are checks that should have been in place before the error was found.
>Imagine if a surgeon used rusty scalpels and randomly killed patients, or a
>bank handed out money to anyone walking in the door and claiming to have an
>account there, or a restaurant served spoiled food, or ... . The
>repercussions in all of these cases would be quite severe. However when
>several CAs exhibited the same level of carelessness, they looked a bit
>embarrassed and then went back to business as usual.
...because not only did no one die, but also the CAs were able to fix the problem.
>The CA-as-a-certificate-
>vending-machine problem (or "rogue CA" if you want to call it that) had been
>known for years (Verisign's "Microsoft" certificates of 2001 were the first
>case that got widespread publicity) but since there are no repercussions for
>CAs doing this there's no incentive for anything to change.
s/no/small/
>
>>This leads to the question: if a CA in a trust anchor pile does something
>>wrong (terribly wrong, in this case) and fixes it, should they be punished?
>
>If a CA in a trust anchor pile does something terribly wrong and there are no
>repercussions, why would any CA care about doing things right?
Slight worry about making a more serious mistake than happened here.
>All that does
>is drive up costs. The perverse incentive that this creates is for CAs to
>ship as many certificates as possible while applying as little effort as
>possible. And thus we have the current state of commercial PKI.
Fully agree.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List