[146772] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (Gregory Perry)
Sat Sep 7 17:00:57 2013
X-Original-To: cryptography@metzdowd.com
From: Gregory Perry <Gregory.Perry@govirtual.tv>
To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sat, 7 Sep 2013 20:46:30 +0000
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
ianG <iang@iang.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 09/07/2013 04:20 PM, Phillip Hallam-Baker wrote:

> Before you make silly accusations go read the VeriSign Certificate Practices Statement and then work out how many people it takes to gain access to one of the roots.
>
> The Key Ceremonies are all videotaped from start to finish and the auditors have reviewed at least some of the ceremonies. So while it is not beyond the realms of possibility that such a large number of people were suborned, I think it drastically unlikely.
>
> Add to which Jim Bizdos is not exactly known for being well disposed to the NSA or key escrow.
>
> Hacking CAs is a poor approach because it is a very visible attack. Certificate Transparency is merely automating and generalizing controls that already exist.
>
> But we can certainly add them to S/MIME, why not.

VeriSign is one single certificate authority. There are many, many more certificate authorities spread across the world, and unless you can guarantee an air-gapped network with tightly constrained physical security controls and a secret videotaped bohemian ceremony such as the one you reference above at each and every one of those CAs, then maybe it's not such a "silly accusation" to think that root CAs are routinely distributed to multinational secret services to perform MITM session decryption on any form of communication that derives its security from the CA PKI.

To wit: "...Mozilla maintains a list of at least 57 trusted root CAs, though multiple commercial CAs or their resellers may share the same trusted root)." [http://en.wikipedia.org/wiki/Certificate_authority]

Another relevant read: http://www.quora.com/SSL-Certificates/How-many-intermediate-Certificate-Authorities-are-there#

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography