making the X.509 infrastructure available for OpenPGP

Daniel Kahn Gillmor dkg at
Wed Feb 5 21:32:37 CET 2014

On 02/05/2014 03:06 PM, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:
>  - Someone has pushed a few bucks over to the CA.
>  - Someone has convinced the CA to directly or indirectly issue a
>    certificate.

To further clarify:  "Domain Validation" (how the overwhelming majority
of cartel-issued X.509 certificates are "verified" today) nominally
consists of proving that you can read e-mail sent to any of:

 * the e-mail addresses associated with the domain in question (as found
in whois), or

 * any of a set of "administrator" e-mail addresses in the domain,
including hostmaster at, webmaster at,
admin at, ssladmin at, postmaster at, etc.

In practice, this means that any of the following can get a certificate

 * anyone who can spoof whois to the CA

 * anyone who can spoof DNS to the CA (changing the MX record)

 * any mail system administrator who has access to any of the above
e-mail addresses

 * any passive sniffer of outbound e-mail traffic from the CA's MTA if
the CA doesn't enforce STARTTLS for outbound SMTP.

 * if the CA enforces STARTTLS for outbound SMTP, but doesn't check
certificates: any active attacker in control of the CA's MTA's network
connection (or anywhere between the CA and the receiving MTA)

 * anyone who knows the password to any of these e-mail accounts

and so on...  Remember also that (barring certificate pinning or TACK),
someone who wants a cert does not have to attack a single CA -- they
only have to attack the most sloppily-administered CA in all the public
root stores.

The bar for regular X.509 certification is much much lower than pretty
much any common OpenPGP certification guideline.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140205/1ff5137a/attachment.sig>

More information about the Gnupg-users mailing list