[Cryptography] New free TLS CA coming

ianG iang at iang.org
Thu Nov 20 04:42:49 EST 2014

Answering 3 at once.

On 20/11/2014 07:55 am, Peter Bowen wrote:
> On Wed, Nov 19, 2014 at 11:27 PM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
>> Mark Atwood <me at mark.atwood.name> writes:
>>> So Mozilla et al have been giving CAcert the runaround for over 4 years now,
>>> and then suddenly they create a more centralized less audited "Let's Encrypt"
>>> shows up, and it's welcomed into the root?
>> That was my immediate reaction as well.  CACert has been given the runaround
>> for more than just four years, it's been more than a decade, and yet as soon
>> as a Mozilla-sponsored CA turns up it's in.

For lolz, that was my immediate reaction too :)  But it doesn't really 
accord with the facts.

What happened to CAcert was more complicated.  They tried to create a CA 
with governance only on the user side, not very much if anything at all 
on the systems side.  In order to put some amount of governance into the 
systems side, they had to write a fair amount of doco, develop quite a 
few procedures, and roll them out.

It all took a while, like about 3-4 years.  Now they are doing it, and 
now it is pretty good, and would likely pass the audit of that time. 
For example of how good their governance is, CAcert have more or less 
defeated a steady run of intel attacks to insert trusted spooks into the 
operation, which cannot be said for any other organisation that has been 
named recently as having been insider-breached, e.g., google, Mozilla, 
not to mention the happily owned slaves such as Cisco.

But unfortunately, the game changed while CAcert was doing this.  The 
largest factor of this was the arisal of phishing, which triggered a 
brief rebellion by the vendors who met in secret in Toronto (?) one day. 
  This then caused the CAs to get spooked, who were already running 
around trying to set up a cozy new cartel, so they headed the rebellion 
off at the pass, brought the vendors into the fold, and then worked in 
secret for 2 years to craft "Baseline Requirements."

By the time they were done, and CAcert was still puddling along working 
at its glacial speed with practically no funding, the game had shifted 
substantially.  They now had to deal with 3 or 4 audits:  BR, WebTrust, 
pre-EV and EV.  Also, the original browser equation had changed from 
Firefox + IE to add in Chrome, and Safari on Mac OSX was now interesting 
again.  So the Firefox-first notion failed as well.

Game over.  You'll notice that only some the problem can be attributed 
to the anti-competitive behaviour of vendors and CAs;  another portion 
attaches to the luck of having more browsers to approach, and a 
fair-sized chunk lands at CAcert's door for being just so darned slow.

>> Perhaps someone from Mozilla would be able to explain what the difference is
>> that gets Let's Encrypt immediate acceptance while CACert has been left out in
>> the cold for more than a decade.
> I am not from Mozilla, but there have been postings in several forums
> that answer this.  The short answer is Let's Encrypt is not getting
> special treatment from Mozillla.  They are planning to start as CA
> that is subordinate to the IdenTrust (DST) root and then apply for
> acceptance into all browsers using the normal processes.  Presumably
> this means they will have to pass the same WebTrust for CA and
> WebTrust for BR audits other CAs have to pass.

Right, so this is the other path.  CAcert could in theory purchase a 
sub-root access from a bigger CA.  I'm not sure how viable this is, 
nobody at CAcert really likes that idea, and I've not come across a CA 
that likes it either ;)

> According to Ian Grigg, who was the independent auditor for CAcert,
> they chose to not ask Mozilla to include CAcert in the Mozilla list of
> trusted roots (https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158).

Well, to clarify:  as it was taking so long, and as people were 99% 
stupidly claiming that this was a push-button operation, and it was 
Mozilla's fault for not pushing the button, I withdrew the application 
that had provisionally been put in place.  It had no real effect anyway, 
it was all going to be in the real application, which last I heard is 
still not really on the table for lack of an external auditor.


More information about the cryptography mailing list