Re: [therightkey] Basically, it's about keeping the CAs honest

Martin Rex <mrex@sap.com> Thu, 16 February 2012 04:47 UTC

Return-Path: <mrex@sap.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E73FD21E803B for <therightkey@ietfa.amsl.com>; Wed, 15 Feb 2012 20:47:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.133
X-Spam-Level:
X-Spam-Status: No, score=-10.133 tagged_above=-999 required=5 tests=[AWL=0.116, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7QHut7rm0j4K for <therightkey@ietfa.amsl.com>; Wed, 15 Feb 2012 20:47:13 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 311CA21E8011 for <therightkey@ietf.org>; Wed, 15 Feb 2012 20:47:13 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id q1G4l9Nx009638 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 16 Feb 2012 05:47:09 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201202160447.q1G4l8rN001273@fs4113.wdf.sap.corp>
To: paul@marvell.com
Date: Thu, 16 Feb 2012 05:47:08 +0100
In-Reply-To: <7BAC95F5A7E67643AAFB2C31BEE662D01579DA14D8@SC-VEXCH2.marvell.com> from "Paul Lambert" at Feb 14, 12 07:04:09 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: nico@cryptonector.com, therightkey@ietf.org, mrex@sap.com, aerowolf@gmail.com
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 04:47:14 -0000

Paul Lambert wrote:
> 
> I notice you're still attaching a root certificate of unknown
> quality as part of your signature.  Since it is different than my
> current class 2 root for the same named authority it may or may
> not be valid.  If I accept your certificate and root I'm potentially
> at risk that you will later maliciously create MITM certs.

Why do you care about the CA cert that signed Kyle's cert AT ALL?
If you don't recognize that CA cert, then you should continue to completely
ignore that CA cert.  If your MUA does not let you pin Kyle's cert
alone (for the purpose of verifying the signatures on Kyle's Emails),
but requires you to add certs of _his_ certification chain to
your trust anchors as a prerequisite for S/MIME signature verification,
then the PKI software used by your MUA is seriously broken.

-Martin
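The distinction Martin draws above, pinning the signer's own certificate versus importing the signer's CA as a trust anchor, as an added example that is not part of this thread and not anyone's MUA code. It uses only Go's standard library, builds a constructed in-memory PKI (a CA the recipient has never seen, a cert for "Kyle" issued by it, and a later cert for the same name from the same CA; all names and the address are invented), and uses a plain detached ECDSA signature in place of the CMS SignedData a real S/MIME client would parse. `verifyViaChain` is the behaviour Martin calls broken: it cannot succeed until the unknown CA is imported. `verifyPinned` never looks at the CA at all: it compares the presented signer cert against a pinned SHA-256 fingerprint and then checks the signature under that cert's key, so a later "Kyle" cert from the same CA is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"time"
)

// testPKI is a constructed in-memory PKI: an unrecognised CA, Kyle's signing
// cert issued by it, and a later cert for the same name from the same CA.
type testPKI struct {
	caCert, signerCert, impostorCert *x509.Certificate
	signerKey                        *ecdsa.PrivateKey
}

// issue creates a fresh P-256 key and a cert for it; nil parent = self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func buildTestPKI() *testPKI {
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Unknown Class 2 CA"}, // hypothetical name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert, caKey := issue(ca, nil, nil)
	kyle := &x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{CommonName: "Kyle"},
		EmailAddresses: []string{"kyle@example.com"}, // constructed address
		NotBefore:      now.Add(-time.Hour),
		NotAfter:       now.Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	signerCert, signerKey := issue(kyle, caCert, caKey)
	kyle.SerialNumber = big.NewInt(3) // same name, new key, issued later by the same CA
	impostorCert, _ := issue(kyle, caCert, caKey)
	return &testPKI{caCert, signerCert, impostorCert, signerKey}
}

// signMessage: detached ECDSA/SHA-256 signature, standing in for CMS SignedData.
func signMessage(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// fingerprint is SHA-256 over the DER cert: what the recipient pins out of band.
func fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// verifyViaChain is the broken MUA's rule: the signer must chain to a trust
// anchor, so the unknown CA has to be imported before anything verifies.
func verifyViaChain(signer *x509.Certificate, roots *x509.CertPool) error {
	_, err := signer.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

// verifyPinned ignores the chain: the presented cert must be the pinned one,
// and the signature must verify under that cert's public key.
func verifyPinned(signer *x509.Certificate, pinnedFP string, msg, sig []byte) error {
	if fingerprint(signer) != pinnedFP {
		return errors.New("signer certificate is not the pinned certificate")
	}
	return signer.CheckSignature(x509.ECDSAWithSHA256, msg, sig)
}
```

To try it: `pki := buildTestPKI()`, sign a body with `signMessage(pki.signerKey, body)`, then compare `verifyViaChain(pki.signerCert, x509.NewCertPool())` (fails with an unknown-authority error until the CA is added to the pool) against `verifyPinned(pki.signerCert, fingerprint(pki.signerCert), body, sig)` (succeeds with no CA in sight), and note that `verifyPinned(pki.impostorCert, ...)` is rejected even though that cert carries the same name and the same issuer. The pin is on the certificate, not on the name, which is exactly what removes the CA from the trust decision.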