Being able to partially distrust a Certificate Authority is good

#104 · ✸ 51 · 💬 14 · one year ago · utcc.utoronto.ca · zdw · 📷
One of the arguments I've heard against supporting partial distrust of Certificate Authorities in places like Linux root certificate stores is that a bad CA can simply backdate TLS certificates to get around rules like 'certificates issued from December 1st 2022 onward won't be trusted'. (The issuance date such a rule can see is the certificate's notBefore field, which the CA itself writes and signs, so a dishonest CA can make a new certificate look old.) The recent case of TrustCor is illustrative: as far as was reported to Mozilla, TrustCor never mis-issued any TLS certificates or committed any other clear violation of CA requirements.

The problem with fully distrusting a CA is that you cause problems for people talking to legitimate sites making legitimate use of TLS certificates from that CA. Sometimes there is no real choice, but often there is a balance between the harm you would do now and the harm you would prevent in the future. A partial distrust is a way to shift that balance, so that you do less harm to people today at an acceptable cost in potential future harm. To adapt the joke about owing a bank money: if you entirely distrust a popular CA today, that's your problem, while if you distrust a CA starting in six months, that's much more the CA's problem. Being able to credibly threaten CAs with distrust of their future TLS certificates without breaking current users is a powerful weapon, and browsers have repeatedly used it to force changes in CA behavior.

Ubuntu entirely removing TrustCor's certificates is probably the right decision overall, but it does potentially harm people using Ubuntu who have previously been talking to hosts with TrustCor TLS certificates.
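What such a date-scoped rule looks like as an actual trust-store check, as an added example that is not code from the post, from Mozilla, from Ubuntu or from any real root store: a Go program that uses the standard library's crypto/x509 to mint a throwaway root CA in memory, issue three server certificates from it, and verify each against a store where that root is kept but its certificates with a NotBefore of 2022-12-01 or later are rejected. The CA name ("Shaky Root CA"), the hostnames under .example, the cutoff, the verification date of 2023-01-15 and all function names are assumptions made for the illustration. The "old" certificate passes, the "new" one is rejected with ErrPartiallyDistrusted, and the "backdated" one, issued after the cutoff but stamped with an earlier NotBefore, passes as well, which is exactly the objection the post opens with: NotBefore is written and signed by the CA, so a CA that lies evades the rule. The independent signal a robust version would compare against the cutoff is the timestamp in the certificate's SCTs, which come from Certificate Transparency log operators rather than from the CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrPartiallyDistrusted = errors.New("issued after cutoff by a partially distrusted CA")
// DistrustRule keeps a root (identified by the SHA-256 of its DER) but rejects leaves with NotBefore >= Cutoff that chain to it.
type DistrustRule struct {
	RootFingerprint [32]byte
	Cutoff          time.Time
}
func fingerprint(c *x509.Certificate) [32]byte { return sha256.Sum256(c.Raw) }

// VerifyWithPartialDistrust runs normal path validation, then returns the first
// chain no rule blocks. The issuance date it sees is the leaf's NotBefore, which
// the CA itself writes and signs, so a CA willing to backdate evades the check.
func VerifyWithPartialDistrust(leaf *x509.Certificate, roots *x509.CertPool, rules []DistrustRule, now time.Time) ([]*x509.Certificate, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	if err != nil {
		return nil, err
	}
	for _, chain := range chains { // chain[0] is the leaf, the last element a root
		ok := true
		for _, c := range chain {
			for _, r := range rules {
				ok = ok && (fingerprint(c) != r.RootFingerprint || chain[0].NotBefore.Before(r.Cutoff))
			}
		}
		if ok {
			return chain, nil
		}
	}
	return nil, ErrPartiallyDistrusted
}

// Everything below is constructed test material: a throwaway in-memory CA, made-up names and dates.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func date(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// sign issues tmpl under parent with a fresh P-256 key; nil parentKey means self-signed.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parentKey == nil {
		parentKey = key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// issueLeaf has root sign a one-year server certificate starting at notBefore.
func issueLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, host string, serial int64, notBefore time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: notBefore, NotAfter: notBefore.AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	cert, _ := sign(tmpl, root, rootKey)
	return cert
}

var CheckTime = date(2023, 1, 15) // when the fixture chains are verified; the cutoff is 2022-12-01

// BuildFixture returns a store holding one root, a rule partially distrusting it,
// and leaves from that root whose NotBefore straddles the cutoff.
func BuildFixture() (*x509.CertPool, []DistrustRule, map[string]*x509.Certificate) {
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Shaky Root CA"},
		NotBefore: date(2020, 1, 1), NotAfter: date(2030, 1, 1),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root, rootKey := sign(rootTmpl, rootTmpl, nil)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	rules := []DistrustRule{{RootFingerprint: fingerprint(root), Cutoff: date(2022, 12, 1)}}
	leaves := map[string]*x509.Certificate{
		"old": issueLeaf(root, rootKey, "old.example", 10, date(2022, 11, 1)),
		"new": issueLeaf(root, rootKey, "new.example", 11, date(2022, 12, 15)),
		// Issued after the cutoff but stamped with an earlier NotBefore: the backdating
		// the post describes. The policy cannot tell this one apart from "old".
		"backdated": issueLeaf(root, rootKey, "backdated.example", 12, date(2022, 11, 30)),
	}
	return roots, rules, leaves
}
func main() {
	roots, rules, leaves := BuildFixture()
	for _, name := range []string{"old", "new", "backdated"} {
		_, err := VerifyWithPartialDistrust(leaves[name], roots, rules, CheckTime)
		fmt.Printf("%-9s NotBefore=%s err=%v\n", name, leaves[name].NotBefore.Format("2006-01-02"), err)
	}
}
```

`go run` prints one line per leaf with its NotBefore and the verification result. Because the rule is keyed to one root's fingerprint, any other root in the same pool is unaffected, which is the "do less harm today" property the post is after; what the rule cannot deliver on its own is protection against a CA that lies in NotBefore.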


