[Cryptography] The EFF 650 CAs lie

Phillip Hallam-Baker phill at hallambaker.com
Tue Apr 28 23:36:45 EDT 2020

Years ago, the EFF set up its infamous Certificate Observatory, looked at
the network of public intermediate certificates that had been issued,
called each intermediate a 'CA' and issued what has become the zombie lie
of 650 CAs.

It was not a deliberate lie at the time it was said but it has become a lie
since with the obstinate refusal to correct the record. I am going to be
taping a module on PKI for my course on cryptography and it would be much
better for all concerned if I could say the EFF has finally retracted this

I have no idea who I could contact at EFF who could get this fixed but the
lie continues to be repeated and it is high time it was retracted.

As was explained at the time and on numerous occasions since, a CA is a
body that has control of at least one Certificate signing key. The vast
majority of the '650 CA's identified in the study control no signing keys.
They are simply customers of a CA whose certificates are issued off a
separate intermediate root.

That the EFF analysis was off should have been apparent from the fact that
a very large number about a third of the total of the intermediate certs
are all subordinate to one CA, the DFN root. The failure to check up with
DFN to find out what was going on smacks of agenda pushing and frankly a
willingness to fund raise off a lie

Had the researchers contacted DFN, they would have discovered that DFN is
the only party that acts as a CA, the only party that has the ability to
sign certs, no cert signing keys have been passed to other parties etc.
This was pointed out at the time and many times since.

Ideally, an intermediate issuer would be constrained using PKIX
constraints. Unfortunately, the PKIX specification and the Apple
implementation make that impossible as some idiot thought it a good idea to
require constraints be marked critical (i.e. use the break if the extension
is not understood feature) and Apple's browser didn't understand them at
the time. One of the sad mistakes in PKIX was giving the criticality flag a
name that caused people to mistake it for meaning 'this is very very
important'. It means nothing of the sort it means 'break everything if this
is not understood'. And it should never be used unless failing to
understand an extension would cause an invalid cert to be considered valid.

The article is still on the EFF site. It is high time it was retracted.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200428/aaf12afd/attachment.htm>

More information about the cryptography mailing list