[Servercert-wg] Ballot SC29: System Configuration Management
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Wed Apr 1 03:49:57 MST 2020
On 2020-03-30 5:44 PM, Ryan Sleevi wrote:
> The assumption on / reliance upon OS software updates similarly produces
> a new set of issues here. OS-based patch management is often
> best-effort; it's designed to be non-disruptive, and /not/ meant to
> guarantee patches are timely applied, but rather, that they're
> eventually applied (e.g. if the user consents, based on exponential
> backoffs, etc). They are not designed to be robust against DoS
> systems, more often than not (e.g. a MITM blocking the capability to
> update). Having the human in the loop guarantees that patches are
> being reviewed and applied, and not simply the CA trying to absolve
> itself of the responsibility for how its systems work or how/when
> patches are applied.
These are all risks that the CA should evaluate before deciding to
automate OS updates. Even in the case where an OS vendor suffers a DoS
attack, this issue would still apply regardless of having a human review
process or not.
With appropriate monitoring, CAs can easily detect and confirm if new
security patches have been installed. Automatic installation of patches
doesn't mean that the CA is absolving itself of any responsibility.
Dimitris.