[cabfpub] [cabfman] Improving the security of EV Certificates
Rick_Andrews at symantec.com
Wed Dec 18 19:13:48 UTC 2013
Moving back to the public list, with Eddy’s permission.
I agree with Eddy that pinning appears to be a very effective and low-cost solution. My impression is that many of the past mis-issuances were detected by Chrome’s pinning support. Is that accurate?
From: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, December 18, 2013 9:56 AM
To: 'management at cabforum.org'
Subject: Re: [cabfman] Improving the security of EV Certificates
On 12/18/2013 07:28 PM, From Jeremy Rowley:
> Pinning is more risky for unsophisticated users who could brick their systems.
I don't think so... such users would never use it, the same way such users would never investigate a log or list of certificates.
> Plus, pinning becomes a market divider so I’d worry about anti-trust violations if the recommendation came from the CAB Forum.
How come, can you explain?
> Transparency, in my view, is better because it requires a change only by the CAs and browsers, not by the users. The information is then available for any researcher to digest and evaluate, not just the end user.
It's mostly the competing CAs!!!, software vendors, Netcraft and friends, and some researchers that care about it (EFF, Qualys and some others). It's the same crowd that would use pinning too.
> A headache is when another DigiNotar is compromised, issues a couple thousand certificates fraudulently, and covers it up for several months.
Truly a problem, but it may be attacked from a different angle (how about a different approach to auditing?). I mean, we are doing our utmost to comply with all the various requirements and much more than that - a price we are willing to pay because for this we are here. Now this proposal has a significant price tag for something that hasn't been tested and used over time with the "only" goal to detect the next DigiNotar.
IMO pinning can achieve the same, way cheaper (for me). And again, if we could combine revocation for example, the benefit would be much bigger and trade off the expenses/efforts...
Eddy Nigg, COO/CTO
startcom at startcom.org<xmpp:startcom at startcom.org>
Join the Revolution!<http://blog.startcom.org>
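To make concrete what the thread means by pinning "detecting" a mis-issuance, here is an added example that is not part of the original thread or any CA's or browser's code. It uses only the Go standard library: two CAs are constructed on the fly (labelled test data, not real certificates), a site pins the SPKI hash of its own root, and a chain from a different CA, even one that would pass ordinary path validation, fails the pin check. The function and certificate names are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin returns the base64-encoded SHA-256 of the certificate's DER
// SubjectPublicKeyInfo, the value a pin list stores (the format used by
// HPKP and Chrome's built-in pin list).
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// ChainMatchesPins reports whether at least one certificate in the presented
// chain carries a pinned key. This check runs in addition to normal chain
// validation: a chain that validates to a trusted root but contains no pinned
// key is exactly the mis-issuance case pinning is meant to catch.
func ChainMatchesPins(chain []*x509.Certificate, pins map[string]bool) bool {
	for _, c := range chain {
		if pins[SPKIPin(c)] {
			return true
		}
	}
	return false
}

// makeCert creates a certificate for a fresh P-256 key. A nil parent means
// self-signed (a root). Constructed test data only, valid for one day.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario builds a legitimate CA and a second, "compromised" CA that issues
// a certificate for the same name. It returns whether the pin check accepts
// the legitimate chain and whether it accepts the rogue chain.
func Scenario() (legitimateAccepted, rogueAccepted bool) {
	goodRoot, goodKey := makeCert("Good Root CA (constructed)", true, nil, nil)
	goodLeaf, _ := makeCert("example.test", false, goodRoot, goodKey)
	rogueRoot, rogueKey := makeCert("Compromised Root CA (constructed)", true, nil, nil)
	rogueLeaf, _ := makeCert("example.test", false, rogueRoot, rogueKey)

	// The site operator pins the key of its own root ahead of time; a client
	// that knows this pin rejects any chain for example.test lacking that key.
	pins := map[string]bool{SPKIPin(goodRoot): true}
	legitimateAccepted = ChainMatchesPins([]*x509.Certificate{goodLeaf, goodRoot}, pins)
	rogueAccepted = ChainMatchesPins([]*x509.Certificate{rogueLeaf, rogueRoot}, pins)
	return legitimateAccepted, rogueAccepted
}

func main() {
	good, rogue := Scenario()
	fmt.Printf("legitimate chain accepted: %v\nrogue chain accepted: %v\n", good, rogue)
}
```

Pinning the root (or an intermediate) rather than the leaf is what lets the operator rotate leaf certificates without breaking clients; a real deployment also carries a backup pin for a key held offline so that losing the pinned key does not lock users out, which is the "brick their systems" risk Jeremy raises above.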