RE: [caops-wg] Name Constraints - attempt at framing issues
3) If a CA is compromised, given current implementations, this will result in the compromise of all certificates issued by that CA. An additional threat that a CA compromise would result in is the compromise of privileges bound to certificates issued by other CAs, at relying parties that trust the compromised CA. Is this threat of concern to us?
Von -- can you describe this? I can't figure out what this means. BC
Bob,

I'll try to make it more concrete.

CA1's policy is that it issues certificates with DNs starting with "A"; Alice is one such certificate. CA2's policy is that it issues certificates with DNs starting with "B"; Brett is one such certificate. A relying party trusts both CA1 and CA2, and grants privileges to Alice and Brett.

If CA1 is compromised, then CA1's key could be used to forge a certificate for Alice and the relying party compromised. If CA1's key is also used to forge a certificate for Brett (even though this is outside what CA1 should be signing), are we concerned about the additional threat that the forged Brett certificate could also be used by the entity that compromised CA1 to further compromise the relying party?

Von

On Oct 13, 2005, at 9:23 PM, Cowles, Robert D. wrote:
3) If a CA is compromised, given current implementations, this will result in the compromise of all certificates issued by that CA. An additional threat that a CA compromise would result in is the compromise of privileges bound to certificates issued by other CAs, at relying parties that trust the compromised CA. Is this threat of concern to us?
Von -- can you describe this? I can't figure out what this means.
BC
participants (2)
- Cowles, Robert D.
- Von Welch
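The scenario in the thread, as an added example that is not part of either message: a relying party that trusts CA1 and CA2 and grants privileges by subject name, evaluated with and without a per-CA namespace check. The privilege sets, the `Cert` model and all function names are assumptions made for illustration, and signature checking is reduced to a flag because a certificate signed with a stolen CA key verifies correctly.

```python
from dataclasses import dataclass

# Constructed sample data modelled on the scenario in the thread.
# Each trusted CA is bound to the subject namespace its policy allows.
TRUSTED_CAS = {
    "CA1": "A",  # CA1 policy: subject DNs starting with "A"
    "CA2": "B",  # CA2 policy: subject DNs starting with "B"
}

# The relying party grants privileges by subject name only (assumed values).
PRIVILEGES = {"Alice": {"read"}, "Brett": {"read", "admin"}}


@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    signature_ok: bool = True  # a cert signed with a stolen CA key still verifies


def in_namespace(cert):
    """True if the subject falls inside the namespace bound to its issuer."""
    prefix = TRUSTED_CAS.get(cert.issuer)
    return prefix is not None and cert.subject.startswith(prefix)


def authorize(cert, enforce_namespace):
    """Return the privileges the relying party grants for this certificate."""
    if cert.issuer not in TRUSTED_CAS or not cert.signature_ok:
        return set()
    if enforce_namespace and not in_namespace(cert):
        return set()  # issuer signed outside its own namespace: reject
    return set(PRIVILEGES.get(cert.subject, set()))


def exposure(compromised_ca, enforce_namespace):
    """Subjects whose privileges are reachable with compromised_ca's key."""
    return sorted(
        subject for subject in PRIVILEGES
        if authorize(Cert(compromised_ca, subject), enforce_namespace)
    )


if __name__ == "__main__":
    print("CA1 compromised, no namespace check:", exposure("CA1", False))
    print("CA1 compromised, namespace enforced:", exposure("CA1", True))
```

With the check enforced, a CA1 compromise is limited to CA1's own subjects; the forged Alice certificate is still accepted, since it lies inside CA1's namespace.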