Some years ago (probably in 2000) I persuaded a major bank to remove the majority of CA certificates from the key store of the browser they had deployed.<div><br></div><div>The IT department regarded the change as a nuisance, but the Legal department understood the problem as soon as I showed them the list of CAs.</div>
<div><br></div><div>May I conduct an informal survey? Who on this mailing list has not removed any of the CA certificates that were pre-installed by whoever supplied your browser?</div><div><br></div><div> Mark</div>
<div><br><br><div class="gmail_quote">On 25 January 2011 20:24, Ian Batten <span dir="ltr"><<a href="mailto:igb@batten.eu.org">igb@batten.eu.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
On 25 Jan 2011, at 16:18, Passive PROFITS wrote:<br>
<br>
> That would not deal with the falsifying of certificates. Assuming the code-base of this is not intentional corrupt, the addition of an extension such as certpatrol is also required (a firefox extension), to notify one when the SSL cert swap by the government/ISP (using the browser accepted as 'true' passported C.A.(s) under their control) has taken place (a MiTM is in progress notification function). The other known way would be manual/local (each time) inspection of the cert fingerprint(s). e.g. you note Facebook's fingerprint then check each time it's got the same 'print. Then (once under notice the hack is under progress) you could retreat, or start playing your own pre-planned counter-measures ... depending on the peril of the situation, tactics, etc, call the government, depending on the nature of your business, etc.<br>
<br>
</div>There's been some recent, if un-startling, discussion of this: <a href="http://www.freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model" target="_blank">http://www.freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model</a><br>
<br>
I suspect that once you have more than a handful of CAs, it's for practical purposes impossible to get any meaningful assurance that they are all legitimate. If CAs delegate their authority, it's difficult to even know that certificates whose chain of trust goes back to a CA you trust was actually issued by that CA. And for as long as any CA can issue a certificate in any name, any domain can be subverted by any one of the CAs.<br>
<br>
Which means that certificates are as weak as the weakest CA you trust, unless that CA in turn trusts a yet weaker CA.<br>
<br>
I've not looked at this in detail (perhaps I should) but I think it's possible in most browsers to trust _no_ CAs and yet trust individual certificates, which might have the required semantics: when a certificate is encountered, you check it (by whatever out of band mechanism you deem appropriate) and then add it to your certificate store, but you do not add its certifying keys.<br>
<font color="#888888"><br>
ian<br>
<br>
<br>
</font></blockquote></div><br></div>