making the X.509 infrastructure available for OpenPGP

Daniel Kahn Gillmor dkg@fifthhorseman.net
Wed Feb 5 21:32:37 CET 2014


On 02/05/2014 03:06 PM, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:
> 
>  - Someone has pushed a few bucks over to the CA.
> 
>  - Someone has convinced the CA to directly or indirectly issue a
>    certificate.

To further clarify:  "Domain Validation" (how the overwhelming majority
of cartel-issued X.509 certificates are "verified" today) nominally
consists of proving that you can read e-mail sent to any of:

 * the e-mail addresses associated with the domain in question (as found
in whois), or

 * any of a set of "administrator" e-mail addresses in the domain,
including hostmaster@example.org, webmaster@example.org,
admin@example.org, ssladmin@example.org, postmaster@example.org, etc.

In practice, this means that any of the following can get a certificate
issued:

 * anyone who can spoof whois to the CA

 * anyone who can spoof DNS to the CA (changing the MX record)

 * any mail system administrator who has access to any of the above
e-mail addresses

 * any passive sniffer of outbound e-mail traffic from the CA's MTA if
the CA doesn't enforce STARTTLS for outbound SMTP.

 * if the CA enforces STARTTLS for outbound SMTP, but doesn't check
certificates: any active attacker in control of the CA's MTA's network
connection (or anywhere between the CA and the receiving MTA)

 * anyone who knows the password to any of these e-mail accounts

and so on...  Remember also that (barring certificate pinning or TACK),
someone who wants a cert does not have to attack a single CA -- they
only have to attack the most sloppily-administered CA in all the public
root stores.

The bar for regular X.509 certification is much much lower than pretty
much any common OpenPGP certification guideline.

	--dkg
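
The three outbound-SMTP postures dkg distinguishes above (no STARTTLS
enforcement, STARTTLS enforced without certificate checking, STARTTLS with
verification) map directly onto the Postfix `smtp_tls_security_level`
settings. The fragment below is an added example for a sending MTA's
main.cf, not configuration from the post or from any CA; the CA bundle path
and the policy-map path are assumptions for a typical Linux install.

```ini
# main.cf excerpt (added example; paths are assumptions)

# Weak: opportunistic TLS. Postfix uses STARTTLS only if the receiving MTA
# offers it, silently falls back to cleartext otherwise, and never checks
# the certificate. A passive sniffer on the path reads the validation
# e-mail in the cleartext case; an active attacker strips STARTTLS.
#smtp_tls_security_level = may

# Still weak: TLS is mandatory (delivery is deferred rather than sent in
# the clear), but the peer certificate is not verified. Anyone who can
# interpose on the connection terminates TLS with an arbitrary certificate
# and reads the mail anyway.
#smtp_tls_security_level = encrypt

# Hardened: mandatory TLS plus certificate verification against the
# system trust store. With "secure", Postfix matches the certificate
# against the next-hop domain (smtp_tls_secure_cert_match defaults to
# "nexthop, dot-nexthop"), not against the MX hostname, because the MX
# lookup is itself unauthenticated DNS and could be spoofed.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# "secure" applied globally will defer mail to domains whose MX hosts
# present certificates that do not name the domain. A per-destination
# policy table keeps the strict level only where it is needed
# (e.g. the domains a CA is sending validation mail to):
#smtp_tls_security_level = may
#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
#
# /etc/postfix/tls_policy (run "postmap" after editing):
#   example.org   secure match=example.org:.example.org
```

Note that `verify` (as opposed to `secure`) matches against the MX
hostname by default, which reintroduces the DNS-spoofing exposure listed
above; `dane` avoids that only where the receiving domain publishes TLSA
records under DNSSEC.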
