On Thu, Aug 9, 2012 at 3:22 PM, Justin N. Lindberg <justin.lindb...@gmail.com> wrote:
> On Thu, 09 Aug 2012 09:18:00 +0200
> Moritz Grimm <mgmlist...@mrsserver.net> wrote:
>
>> You always put trust into the whole chain (that's why you need
>> intermediate certs in the first place), starting with your trusted
>> root. If that trust turns out to be misplaced in any one of the
>> components (root, intermediate, server), you lose.
>
> For a server certificate you can generally only lose inasmuch as that
> server or domain name is concerned. But for misplaced trust in an
> intermediate cert with certificate-signing capability, you lose
> big-time, because that cert can be used to sign a server cert for any
> domain whatsoever.

Such certificates have already been stolen. They're dependent on the security of the intermediate key owners, and they are demonstrably unsecure: Check this URL for more details on the release of rogue SSL signing certificates through a Dutch firm:

http://www.computerworld.com/s/article/9219606/Hackers_stole_Google_SSL_certificate_Dutch_firm_admits

This is precisely why revocation of certificates is such a key aspect of SSL, and why the longstanding lack of such revocation or even revocation of SSH host or user keys remains a significant security concern. Very few infrastructures are really secure once someone is inside the network or has access to backups, and it's why the most secure OS in the world is, in many ways, an expensive waste of time if the basic security policies aren't in place.
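
The scoping argument in this thread, as an added example that is not part of the original message: a simplified Python model of chain validation in which signature verification is replaced by issuer-name matching (an assumption), using constructed names and serials. It shows a leaf key being limited to its own name, a CA-capable intermediate vouching for any name, and revocation of that intermediate cutting off everything beneath it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    issuer: str
    is_ca: bool = False          # models basicConstraints CA:TRUE
    dns_name: str = ""           # hostname a leaf is issued for

def validate(chain, hostname, trusted_roots, revoked):  # chain: leaf first, root last
    leaf, issuers = chain[0], chain[1:]
    if not issuers or issuers[-1] not in trusted_roots:
        return False, "chain does not end in a trusted root"
    for cert in chain:                      # revocation applies to every link
        if cert.serial in revoked:
            return False, f"revoked: {cert.subject}"
    for child, parent in zip(chain, issuers):
        if child.issuer != parent.subject:  # stands in for signature verification
            return False, f"{child.subject} not issued by {parent.subject}"
        if not parent.is_ca:
            return False, f"{parent.subject} may not sign certificates"
    if leaf.dns_name != hostname:
        return False, "hostname mismatch"
    return True, "ok"

# Constructed sample PKI; all names and serials are made up.
ROOT = Cert(1, "Example Root", "Example Root", is_ca=True)
INTER = Cert(2, "Example Intermediate", "Example Root", is_ca=True)
SHOP = Cert(3, "shop.example", "Example Intermediate", dns_name="shop.example")
# A cert for an unrelated domain, signed with the intermediate's key.
ROGUE = Cert(4, "bank.example", "Example Intermediate", dns_name="bank.example")
# The same attempt using only a leaf's key: the leaf is not a CA.
FROM_LEAF = Cert(5, "bank.example", "shop.example", dns_name="bank.example")

def scenarios():
    roots = {ROOT}
    return {
        "leaf_own_name": validate([SHOP, INTER, ROOT], "shop.example", roots, set()),
        "leaf_other_name": validate([SHOP, INTER, ROOT], "bank.example", roots, set()),
        "leaf_as_issuer": validate([FROM_LEAF, SHOP, INTER, ROOT], "bank.example", roots, set()),
        "intermediate_any_name": validate([ROGUE, INTER, ROOT], "bank.example", roots, set()),
        "intermediate_revoked": validate([ROGUE, INTER, ROOT], "bank.example", roots, {2}),
        "revoked_hits_honest_leaf": validate([SHOP, INTER, ROOT], "shop.example", roots, {2}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

The last scenario shows the operational cost of revoking an intermediate: every legitimately issued certificate under it stops validating too and has to be reissued.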