nanog mailing list archives

Re: Buying and selling root certificates


From: "Alexei Roudnev" <alex () relcom net>
Date: Wed, 28 Apr 2004 22:45:04 -0700


A self-signed certificate protects you against any _short term_ attack - the
insurgent must
maintain his own certificate, intercept your connections, and redirect my
packets _BEFORE_ I connect the very first time (after that, I have the certificate and
am protected).

So, it is reasonable (to use commercial certificates) for public financial
services (banks, e-commerce); all other kinds of
services do not require it - all an insurgent can do is defraud you once in a
lifetime... an unrealistic scenario.

Certificate Authorities are a very good example of a _blown up_ business.
(Yes, they verify identity... what is the difference if you maintain 1 or 100
domains under the same company name and the same basic level domains...
A certificate should cost $20 for 1 year, not $400.)

Do not overestimate the importance of it...  it is more for public
relations, not for real security.
(But I would never propose that any bank, any point of sale, or any e-commerce site use a
self-signed certificate for a _public_ service...
 even if the risk is 0.000001%.)




----- Original Message ----- 
From: "Steven M. Bellovin" <smb () research att com>
To: "Sean Donelan" <sean () donelan com>
Cc: <nanog () merit edu>
Sent: Wednesday, April 28, 2004 6:05 PM
Subject: Re: Buying and selling root certificates



In message <Pine.GSO.4.58.0404281950200.9806 () clifden donelan com>, Sean Donelan writes:

Not that SSL certificates are worth the paper they aren't printed
on; I still find this vaguely disturbing.  Just who do you think your
computer is trusting?

http://www.websheji.com/domain-names/news/id506.html
 Bob Parsons, CEO of Go Daddy, said that Starfield Technologies, a
 subsidiary of the company, bought an unused root certificate, trusted by
 99% of browsers, from ValiCert Inc more than a year ago and has
 been developing the system since then.

I'm not that interested in SSL for web servers, but I have noticed a
gradual increase in the number of mail servers willing to STARTTLS with
mine.  I was experimenting with trying to verify some of the certificates
presented; it's not real security, but it makes the logs cleaner.

Matt Blaze said it well:  "A commercial CA will protect you from anyone
from whom they won't take money."

Put another way, what's your threat model?  Against what threats are
you trying to defend yourself?  Rob Seastrom seems to be trying to
defend himself against passive eavesdroppers, for which SSL without
certificate verification is an entirely adequate defense.  If your
concern is phishing, however, you need to check the certificate chain,
the policies of the trust anchor (AKA "root CA"), and its reputation
for actually enforcing those policies with proper verification.
Verisign, for example, was fooled a few years ago by someone who
claimed to be Microsoft -- but they had sufficient back-end
verification that the spoof was detected.  Is this good enough?  What's
your threat model...?


--Steve Bellovin, http://www.research.att.com/~smb
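The two postures argued in this thread, Alexei's "a self-signed certificate protects you after the very first connection" and Steve's "SSL without certificate verification is adequate against passive eavesdroppers, but phishing needs the chain checked", side by side in working code. This is an added example, not code from either poster: the certificate bytes and the host name are constructed placeholders, and the trust-on-first-use store is a plain dict standing in for whatever a real client would persist.

```python
"""Trust-on-first-use pinning versus full chain verification.

Added example for the NANOG thread above, not the posters' own code.
SERVER_CERT / ATTACKER_CERT are constructed placeholder byte strings,
not real DER certificates; only their fingerprints matter here.
"""
import hashlib
import ssl

SERVER_CERT = b"constructed placeholder: the real server's certificate"
ATTACKER_CERT = b"constructed placeholder: the insurgent's own certificate"
HOST = "mail.example.net"  # assumed host name


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint, colon-separated like `openssl x509 -fingerprint`."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def tofu_check(store: dict, host: str, cert_der: bytes) -> str:
    """Trust-on-first-use: pin whatever certificate is seen first for host.

    Returns 'pinned' on first contact, 'ok' if the pin matches, and
    'MISMATCH' if a different certificate is presented on a later visit.
    """
    fp = fingerprint(cert_der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = fp
        return "pinned"
    return "ok" if pinned == fp else "MISMATCH"


def simulate(attack_from: int, n_connections: int = 3) -> list:
    """Replay n_connections to HOST with a persistent man-in-the-middle
    who substitutes his certificate from connection `attack_from` onward
    (attack_from > n_connections means no attack at all).

    Alexei's point: an attacker present from connection 1 is pinned and
    never noticed; one who arrives later trips MISMATCH on every visit.
    """
    store = {}
    results = []
    for i in range(1, n_connections + 1):
        cert = ATTACKER_CERT if i >= attack_from else SERVER_CERT
        results.append(tofu_check(store, HOST, cert))
    return results


def eavesdropper_only_context() -> ssl.SSLContext:
    """Steve's first threat model: encrypt, but do not verify the peer.
    Stops passive sniffing; does nothing against an active impostor."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def phishing_resistant_context(cafile=None) -> ssl.SSLContext:
    """Steve's second threat model: require a chain to a trust anchor and
    a matching host name.  Pass cafile to restrict the anchors to CAs whose
    policies you have actually reviewed instead of the system bundle."""
    return ssl.create_default_context(cafile=cafile)


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context both checks the chain and the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    for start in (1, 2, 4):
        print(f"MITM from connection {start}: {simulate(start)}")
    print("eavesdropper-only verifies peer:", verifies_peer(eavesdropper_only_context()))
    print("phishing-resistant verifies peer:", verifies_peer(phishing_resistant_context()))
```

Note what `simulate` shows: a man-in-the-middle present from the first connection produces exactly the same trace as no attacker at all, which is why the self-signed approach only defends against an adversary who arrives late. The two `ssl` contexts are the Python spelling of Steve's question; the eavesdropper-only one is what an unverified STARTTLS session amounts to, and `check_hostname` has to be cleared before `verify_mode` is lowered or the `ssl` module raises.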



