This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[cooperation-wg] Redirecționat: new draft CAs Redirecționat: ITRE draft report on eIDAS - invitation to the 3rd shadows' meeting on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss)
- Previous message (by thread): [cooperation-wg] Redirecționat: new draft CAs Redirecționat: ITRE draft report on eIDAS - invitation to the 3rd shadows' meeting on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss)
- Next message (by thread): [cooperation-wg] Prism
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Hilliard
nick at inex.ie
Mon Jul 1 12:45:34 CEST 2013
On 30/06/2013 23:49, ANDERSDOTTER Amelia wrote: > However, qualified X and advanced X are legacies from the e-signatures > directive in 1999. The Commission has not proposed to remedy this system > even though it has turned out not to work in any member state It is highly ironic that the commission is talking about giving legal basis to a trust service provider, given that in the past several years they have utterly failed in their primary purpose of providing a trust mechanism. Risk analysis indicates that TSPs are inherently weak. When they work, they provides a reasonable level of convenience. But the consequences of security failure are extreme, and outside damaging trust in the system as a whole, compromises may have serious practical consequences. A good example of this is the dutch PKIgovernment program and the Diginotar compromise. I can't imagine anyone in the NL government being much impressed that the iranian government had write access to their public key infrastructure. It is tempting to write off Diginotar as an outlier case and dismiss its failure as inconsequential to the core concept of trust service providers. This is myopic. Trust service providers will become targets according to the overall trust load which they handle, whether by malicious individual attack (e.g. verisign in 2000 and 2010), state attack (e.g. diginotar), or civil legal compromise from other jurisdictions. This doesn't even include incompetence-related screwups (e.g. the trustwave intermediate CA delegation), or deliberate contractual trust delegation allowing many hundreds of unknown companies to forge arbitrary certificates: http://www.schneier.com/blog/archives/2010/09/uae_man-in-the-.html Why should every computer in the world trust every organisation here: https://www.eff.org/files/colour_map_of_CAs.pdf ? Bruce Schneier's "Ten Risks of PKI" paper provides a readable analysis of PKI which is aimed at the general public: http://www.schneier.com/paper-pki.pdf Although it was written 13 years ago (i.e. prehistoric by Internet standards), all the points he made then are still relevant today, except that we now have the benefit of 13 years experience, and a large amount of analysis of both trusted authority compromises and the consequences of compromise. Compromise of trusted certificate providers is inevitable and the consequences can be catastrophic. Creating legal trust in this mechanism is frankly bizarre. Nick
- Previous message (by thread): [cooperation-wg] Redirecționat: new draft CAs Redirecționat: ITRE draft report on eIDAS - invitation to the 3rd shadows' meeting on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss)
- Next message (by thread): [cooperation-wg] Prism
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]