[cabfpub] Upcoming changes to Google Chrome's certificate handling

Mon Nov 11 09:24:30 UTC 2013

On 08-Nov-13 18:29, Jeremy Rowley wrote:
>> I disagree.  For the outset, the log operator responsibility has been 
>> to gossip with other logs to ensure they aren't forked or in a bubble.
> 
> And if forced by threat to do otherwise by the government?
> 
> - Then the log becomes untrusted.

Only if discovered. If the breach is kept secret, the log will remain
trusted.

> Either it gossips or it's not trusted.

Clients gossip, logs don't.

> Of course, all the government needs to do is coerce the browser to trust a
> non-public log and you have the same effect. You are worrying about an
> attack where easier work-arounds exist for government entities.

Attacking browsers is a different attack scenario, which might be viable
in about 4 countries in the world (where browser vendors have HQs). Even
if a browser vendor was coerced, the malicious code would still have to
be installed, in which case the government might as well coerce any
other application vendor with automatic updates residing on the victim's
system. The protection scenario for this is different, with automated
system audits. (Or a user can choose not to install national
applications.) I am not saying we should not protect against this, I am
just saying we should protect against another, unrelated scenario, where
CAs are the targets.

>> Plus, I trust DigiCert's log server availability and integrity way 
>> more than I trust anyone else's.  If I'm hitting a couple of log 
>> servers, I want them to be the servers I know won't go down or be
>> untrusted.

This sounds like local optimization, where you are concerned about your
own certificates, which is logical enough. I am more concerned about
global optimization, where the concern is the internet community at
large. Someone will end up using those logs you do not deem reliable
enough, if they go down, users are at risk, regardless of DigiCert's
choice. I do not believe an environment where each CA roll their own log
is globally optimal, even if possibly locally optimal.

> - Neither does the proposal to require mutli-jurisdictional logs, especially
> since the only two logs (that I know of) are Google and DigiCert, both
> located jurisdictionally in the US.

That will change.

> This fix is easy, don't set up a system which allows governments (or
> individual CAs) to do this.
> 
> - Okay.  How?  Multi-jurisdictional logs don't do that.  All you've done is
> make the browsers the target, which is already more likely than the CA.

Even if all we manage to do is to shut down one attack avenue, I still
think that a great win. And I think that being able to state
"Certificates are secure, even when used under a hostile government" is
also worth a lot, security also requires trust.

-- 
Sigbjørn Vik
Opera Software