Five Theses on Security Protocols

Ian G iang at systemics.com
Mon Aug 2 07:32:12 EDT 2010


On 1/08/10 9:08 PM, Peter Gutmann wrote:
> John Levine<johnl at iecc.com>  writes:
>
>> Geotrust, to pick the one I use, has a warranty of $10K on their cheap certs
>> and $150K on their green bar certs.  Scroll down to the bottom of this page
>> where it says Protection Plan:
>>
>> http://www.geotrust.com/resources/repository/legal/
>>
>> It's not clear to me how much this is worth, since it seems to warrant mostly
>> that they won't screw up, e.g., leak your private key, and they'll only pay
>> to the party that bought the certificate, not third parties that might have
>> relied on it.
>
> A number of CAs provide (very limited) warranty cover, but as you say it's
> unclear that this provides any value because it's so locked down that it's
> almost impossible to claim on it.

Although distasteful, this is more or less essential.  The problem is 
best seen like this:  take all the potential relying parties for a large 
site / large CA, and multiply that by the damages in a (hypothetically) 
fat-ass class action suit.  Think phishing, or an MD5 crunch, or a 
random debian code downsizing.

What results is a Very Large Number (tm).

By fairly standard business processes one ends up at the sad but 
inevitable principle:

    the CA sets expected liabilities to zero

And must do so.  Note that there is a difference between "expected 
liabilities" and "liabilities stated in some document".  I use the term 
"expected" in the finance sense (cf. Net Present Value calculations).

In practice, this is what could be called best practices, to the extent 
that I've seen it.

http://www.iang.org/papers/open_audit_lisa.html#rlo says the same thing 
in many many pages, and shows how CAcert does it.


> Does anyone know of someone actually
> collecting on this?

I've never heard of anyone collecting, but I wish I had (heard).

> Could an affected third party sue the cert owner

In theory, yes.  This is "expected".  In some sense, the certificate's 
name might be interpreted as suggesting that because the name is 
validated, then you can sue that person.

However, I'd stress that's a theory.  See above paper for my trashing of 
that, "What's in a Name?" at an individual level.  I'd speculate that 
the problem will be some class action suit because of the enormous 
costs involved.


> who can
> then claim against the CA to recover the loss?

If the cause of loss is listed in the documentation . . .

> Is there any way that a
> relying party can actually make this work, or is the warranty cover more or
> less just for show?

We are facing Dan Geer's disambiguation problem:

> The design goal for any security system is that the
> number of failures is small but non-zero, i.e., N>0.
> If the number of failures is zero, there is no way
> to disambiguate good luck from spending too much.
> Calibration requires differing outcomes.


Maybe money can buy luck ;)



iang

---------------------------------------------------------------------
The Cryptography Mailing List