[Cryptography] Revocation is an Authorization issue

Ray Dillinger bear at sonic.net
Sat Aug 21 18:08:47 EDT 2021



On 8/10/21 5:40 PM, Phillip Hallam-Baker wrote:
>
> The reason that the confusion arises is that the WebPKI uniquely
> conflates authentication and authorization. Recall that the original
> purpose of the WebPKI was authentication, encryption was limited to
> 40(!) bits. The WebPKI was designed to make shopping online as safe as
> shopping in a traditional store. The point of a VeriSign Class 3 cert
> was to tell the user that the merchant was accountable to law
> enforcement in a particular jurisdiction.

     As soon as we established that there are no legal requirements to
be a certificate authority, revocation became meaningless.  The default
standard for browsers is "accept all cert authorities" because otherwise
users will see error messages and blame the browsers.  Becoming a cert
authority proves exactly nothing and doesn't have to because nobody
requires proof of anything. 

     And that's easy, right?  They're only certifying that the check
cleared.  The CA knows exactly nothing about the people who are buying
certificates, and doesn't need to know.  Doesn't even want to know,
because if they knew they might possibly become legally responsible for,
I dunno, claiming those people are trustworthy or something.  The CA
trusts that these people wrote a check that cleared, once.  That's all
the trust that the CA has in them, why should users trust them any
further than that?

     If cert authorities provide a root key to the browser makers, they
will have their certificates accepted. Only after repeatedly engaging in
the most flagrant abuses, and getting repeatedly caught and repeatedly 
convicted, could they possibly have the browser makers refuse their
root key.

     And I want to point out, that's the only kind of revocation that
has traction.  When the software packager says 'no, this clown has been
issuing fake certs for scammers to pretend to be major companies, so
we're not putting this key into our file of trusted CAs in the next
version,'  THAT is the only way all those fake certs are meaningfully
revoked.  Everything else can be ignored. 

     It can be ignored by the browser makers who want quick
responses and want users to not see error messages, so they don't bother
checking certs - or ignore certain kinds of cert failure like expiry
"because nobody renews their certs on time."   It can be ignored by the
CAs who don't wind up legally liable when scammers use their certs. Most
are different jurisdictions than most of the people who'd care about
those scams anyhow.  It can be ignored by self-sabotaging users who
click through error messages - and switch browsers to one that's more
obligingly broken if it turns out they can't.  And it can sure as hell
be ignored by scammers whose livelihood depends on users honoring their
certs. 

     The users are literally the only people who have a motive to revoke
a scammer's cert or a faithless CA's authority, and as the self-sabotage
behavior shows they have no understanding that would lead them to do
so.  The users have only very limited power to revoke, can only revoke
in a way that helps no other users at all, and can only revoke because
of information they're not supposed to have to track down themselves (or
why do we have certs at all) using techniques that they don't know about
and most of them don't even have the background to understand.

     So, no.  Until and unless CAs are legally liable for scammers
using fake certs, or browser makers legally liable for what customers
lose to scammers whose certs the CA would reject if presented, there is
no hope.  Without some chain of legal responsibility that reaches from
the customer all the way through to the scammer, there is no possibility
of getting anyone to care enough about revocation to actually implement
it properly and have cert revocation and unconditional REJECTION of
revoked certs become the standard basic industry practice. 

     Renewing an expired cert is mainly an afterthought now, even for
"serious" businesses.  If revocation were a real thing that could matter
to anyone, an expired or revoked cert should and would literally and
absolutely shut your entire website down.  If it happened to a "serious"
company it would be a six-alarm emergency that costs people careers.

                Bear
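The post's thesis, that revocation only means something when a revoked or expired certificate is rejected unconditionally, can be made concrete as code. The following is an added example written for this page, not code from the post or from any browser or CA: it builds a throwaway CA, leaf certificate and CRL in memory with Go's standard library (nothing touches the network), then applies a "hard fail" policy in which an expired certificate, a revoked one, a stale CRL, or missing revocation data all result in rejection. The hostname `example.test`, the serial numbers and the validity windows are constructed values. Go's own `Verify` checks the chain, hostname and validity window but does no revocation checking, so the CRL step is done explicitly.

```go
package main

// Added example (not from the post): a verifier that hard-rejects expired and
// revoked certificates, exercised against a constructed in-memory test PKI.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const host = "example.test" // constructed hostname for the leaf certificate

func check(err error) {
	if err != nil {
		panic(err) // failures while building constructed data are programming errors
	}
}

// buildPKI makes a self-signed CA (valid for a week around now), issues one server
// cert for host with the given window, and signs a CRL good for 12 hours that
// lists the leaf only when revoke is true.
func buildPKI(now, leafNotBefore, leafNotAfter time.Time, revoke bool) ([]byte, *x509.Certificate, []byte) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)

	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(7 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to issue CRLs
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	check(err)
	ca, err := x509.ParseCertificate(caDER)
	check(err)

	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: leafNotBefore, NotAfter: leafNotAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	check(err)

	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour)}
	if revoke {
		// RevokedCertificates exists on every Go release that has x509.RevocationList;
		// Go 1.21+ additionally offers RevokedCertificateEntries.
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: big.NewInt(2), RevocationTime: now}}
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	check(err)
	return leafDER, ca, crlDER
}

// verifyStrict is the policy the post argues for: accept only if the cert chains
// to ca, matches host, is inside its validity window at now, and a fresh
// issuer-signed CRL is present that does not list it. Missing or stale
// revocation data is a rejection, not a pass.
func verifyStrict(leafDER []byte, ca *x509.Certificate, crlDER []byte, now time.Time) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// Verify fails on a bad chain, a hostname mismatch, or a cert outside its window.
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now}); err != nil {
		return fmt.Errorf("chain/validity: %w", err)
	}
	if crlDER == nil {
		return errors.New("no revocation information; refusing certificate")
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale; refusing certificate")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

func main() {
	now := time.Now()
	leaf, ca, crl := buildPKI(now, now.Add(-time.Hour), now.Add(48*time.Hour), false)
	fmt.Println("valid, unrevoked:", verifyStrict(leaf, ca, crl, now))
	leaf, ca, crl = buildPKI(now, now.Add(-2*time.Hour), now.Add(-time.Hour), false)
	fmt.Println("expired:", verifyStrict(leaf, ca, crl, now))
	leaf, ca, crl = buildPKI(now, now.Add(-time.Hour), now.Add(48*time.Hour), true)
	fmt.Println("revoked:", verifyStrict(leaf, ca, crl, now))
}
```

The design choice that matters is in the two `errors.New` branches: a verifier that treats an unreachable or out-of-date CRL as acceptable ("soft fail") gives the answer the post complains about, since anyone who can block the revocation lookup gets the certificate accepted. Hard fail is what makes the CA's revocation decision, or the software vendor's decision to drop a root, actually bind.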

