[Cryptography] TB2F CAs as (un)official browser policy

Ben Laurie ben at links.org
Fri Mar 20 05:34:11 EDT 2015

On 19 March 2015 at 11:13, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> An interesting discussion is currently occurring on the Mozilla security
> policy list.  It seems a CA is late in filing an acceptable audit statement
> (the sort in which Ernst and Young said DigiCert was OK, WebTrust said
> TrustWave was OK, PWC said DigiNotar was OK, and so on).  The deciding factor
> on pulling the CA's cert is:
>   Richard Barnes has verified that there's minimal compatibility impact to
>   removing this root certificate. Current telemetry shows that this root has
>   been responsible for 9.57k out of 9.4B validations, or about one in a
>   million.
> OTOH if you're TB2F and get 0wned by Iranian hackers (Comodo, not DigiNotar,
> who weren't TB2F) then nothing happens.

From what I can tell, there's quite a difference between the Comodo
and DigiNotar incidents:

1. Comodo appears to have been hacked via a fake RA login, whereas
DigiNotar actually was owned.

2. Comodo issued eight fake certs, DigiNotar > 500.

3. Comodo knew what certs were issued, DigiNotar did not.

4. Comodo did not sit on the facts for 6 weeks.

I'm not sure what relative size by certs issued (or by validations,
which does seem a better metric) Comodo and DigiNotar were at the time
(anyone got numbers?), but I do know that removing the DigiNotar root
had considerable fallout, particularly if you were Dutch...
