On 12/06/14 19:16, Tollef Fog Heen wrote:
> ]] Christoph Anton Mitterer
>
>> Supplying the Debian Root CA to people not using Debian could have been
>> easily done by a *single* site that uses a cert available in all
>> browsers... which offers the Debian Root CA for secure and "trusted"
>> download.
>
> That's a nice theory. It does not align particularly well with what
> happens in the real world.

Expanding on that a little, for non-experts[1] there are only two trust
levels for CAs:

* my browser vendor doesn't trust this CA at all, and indeed my browser
  will not let me access https sites secured with it, even though it
  will let me access an equally MITM-prone http version of the same
  content

* my browser vendor trusts this CA completely, and if it signs a
  certificate that claims to be for paypal.com, my bank, my employer's
  commercially confidential servers, a server with my private medical
  information, etc. then that certificate is assumed to be genuine

It should be possible to make a CA certificate that is only considered
to be valid for the spi-inc.org and debian.org subtrees, and then trust
the assertion that SPI control that certificate - but in widely-used
applications, that isn't possible. If SPI can sign certificates for
debian.org, then they can also sign certificates for my bank, and my
browser will think those are just as valid. For less technical users
who are only dimly aware of the existence of a thing called a
certificate at all, giving SPI the technical capability to impersonate
their bank seems an unacceptable risk.

If widely-deployed TLS implementations had the ability for a server to
offer more than one certificate, there'd be no problem -
https://security.debian.org/ could present a Gandi certificate, a SPI
certificate and a cacert.org certificate, signed by different CAs but
based on the same key material (and particularly paranoid browsers could
insist on more than one being valid). That capability does not currently
exist in practice, though.

    S

[1] experts can maybe use things like Certificate Patrol, although CP
    suffers from the fact that most browsers do not warn about use of
    multiple certificates like it does, which means large sites like
    Twitter assume they can deploy multiple certificates without any
    user-visible problems, which means CP has so many false positives
    on some sites that it approaches unusable
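
The scoping the message describes, a CA considered valid only for the spi-inc.org and debian.org subtrees, is what the X.509 name constraints extension (RFC 5280, section 4.2.1.10) expresses. The following is an added example, not part of the original message: a sketch of the dNSName subtree check a validating client would apply to a leaf certificate. The function names, the PERMITTED list and the sample hostnames are assumptions constructed for illustration.

```python
# Added illustration: DNS name-constraint matching in the style of RFC 5280
# section 4.2.1.10. Subtree lists and hostnames are constructed samples.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def in_subtree(host, subtree):
    """True if host equals subtree or sits below it on a label boundary."""
    h, s = _labels(host), _labels(subtree)
    # Compare whole labels, not raw string suffixes, so that
    # "evildebian.org" is not treated as part of "debian.org".
    return len(h) >= len(s) and h[-len(s):] == s

def name_permitted(host, permitted=None, excluded=()):
    """Excluded subtrees win; permitted=None means no permitted list is set."""
    if any(in_subtree(host, e) for e in excluded):
        return False
    return permitted is None or any(in_subtree(host, p) for p in permitted)

def cert_acceptable(san_dns_names, permitted=None, excluded=()):
    """Every dNSName in the leaf must satisfy the issuing CA's constraints."""
    bad = [n for n in san_dns_names
           if not name_permitted(n, permitted, excluded)]
    return (not bad, bad)

# Hypothetical constrained CA: may only issue inside these two subtrees.
PERMITTED = ["debian.org", "spi-inc.org"]

if __name__ == "__main__":
    samples = (["security.debian.org"],
               ["www.spi-inc.org", "debian.org"],
               ["paypal.com"],
               ["evildebian.org"],
               ["security.debian.org", "paypal.com"])
    for sans in samples:
        ok, bad = cert_acceptable(sans, PERMITTED)
        print(sans, "accepted" if ok else f"rejected (out of scope: {bad})")
```

A certificate is rejected if any one of its names falls outside the permitted subtrees, so an in-scope name cannot be used to carry an out-of-scope one along with it.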