SSL Certificates

In article <> you write:


In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote:

There is a risk that any CA-issued SSL certificate signed by _any_ CA
may be worthless some time in the future, if the CA chosen is later
found to have issued sufficient quantities of fraudulent certificates,
and sufficiently failed in their duties.

One thing I'm not clear about is, are there any protocol or
implementation limitations that require only one CA?

I've had the same cert signed by multiple CAs, although rarely at the
same time. Never tried to present both versions in the same session,


They may not charge money, but it's not really free. You have to
provide them so much personal information, it feels like an
invitation to identity theft. At the least what they collect would
be valuable information to sell to marketeers.

They demand a valid residential address for the free personal-use certificate;
a business address will not do (and they check). Our mixed-use building did
not qualify.

Next option is one of their cheap business certificates, but then you must
send scanned images of:
  1. The cover of your passport
  2. The first pages of the passport
  3. The picture of you with your personal detail of your passport
  1. Both sides of your drivers license or identity card or
  2. Photo ID document issued by a local, state or federal authority.

In order to save a couple bucks, I'm gonna scan all this and send it off
to somewhere in Israel??? Geotrust or Comodo don't put you through this.
For $10, I'll keep my info, thanks.

The problem with anything related to Verisign at the moment is that

The possibility of their root certs being compromised is nonzero.

The possibility of _ANY_ CA's root certs having been compromised is non-zero.
There's no evidence published to indicate Verisign's CA key has been
and it's highly unlikely.

Just as there's no evidence of other CAs' root certificate keys being

Please recall that this HAS happened to another CA in the last year.

There may be no problem; they also may be completely worthless. Until
there's full disclosure...


They are not completely worthless until revoked, or distrusted by web browsers.

I think that's highly ass-backwards.

If it's been compromised and the compromise is not yet "fully known" -
revoked by the CA or distrusted by browsers - we exist in a nether
region where the customers connecting to "your" servers can be
transparently Man-in-the-Middle attacked. If someone doing MitM to
your customers would be a significant problem, then it's incumbent
upon you to not put your head in the sand when there's a
higher-than-normal risk that one CA may have A Problem.

The situation is in fact *worse* than "completely worthless". In that
situation it has an active negative value.

This is complicated by the fact that you don't even need to be a
customer of that CA for that to be a risk. If browsers trust that CA,
and that CA's keys are loose, then anyone with those can impersonate
anyone else on the net transparently. But the fix for that revokes
the root cert and all the signed certs for that CA. Immediately, if
the browser vendors' response to the prior incident carries through to
a new one. Buying new certs or continuing to use certs that have a
noticeable risk of immediate revocation seems ... unwise.

Again - I don't know if it's been compromised. The vendor is not
being forthcoming at that level of detail yet. They are evidently
still trying to figure out how bad the penetration was. That is not a
good sign, but does not automatically mean the worst by any means.