[therightkey] RA vs CA
Ben Laurie <benl@google.com> Wed, 08 January 2014 18:30 UTC
Date: Wed, 8 Jan 2014 18:30:14 +0000
From: Ben Laurie <benl@google.com>
To: Ralph Holz <holz@net.in.tum.de>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>,
Seth David Schoen <schoen@eff.org>
Subject: [therightkey] RA vs CA

On 27 December 2013 10:06, Ralph Holz <holz@net.in.tum.de> wrote:
> Hi,
>
> [The EFF's count]
>
>>> You can't calculate the number of CAs the way the EFF tried to. An
>>> intermediate certificate does not equate to a CA. Pretending it does to
>>> peddle an alternative PKI scheme calls into question their veracity.
>>>
>>
>> I disagree strongly. I have an intermediate certificate. I am as
>> powerful CA as a result.
>> Please also see these estimates which are even higher:
>>
>> https://zakird.com/slides/durumeric-https-imc13.pdf
>>
>> "Identified 1,832 CA certificates belonging to 683 organizations"
>> "311 (45%) of the organizations were provided certificates by
>> German National Research and Education Network (DFN) "
>
> I was there at IMC and spoke with Zakir. He was not aware of the fact
> that the private keys to all the intermediate certificates are held by
> the central DFN Verein, not the RAs themselves. In the case of DFN, the
> intermediate certs only identify the RAs. The RAs do not carry signing
> power.

What is the function of an RA, then, if not to tell a CA "sign this"?