CA/CT Redaction: Difference between revisions

(→Against: Updated response to "Recourse" to make it clear it's not responding to the thread points, but also added notes about "Contoso's" use case and "hostile logging" if redaction is accepted)
(More tweaks)
Line 11: Line 11:
===== Response =====
===== Response =====


In Chrome at least, which is currently the only browser that checks CT, enterprises already have this capability via enterprise policies, which do not require the installation of a specific root CA. I.e. they can turn off the CT requirement for particular roots. In addition to the existing policies that allow whitelisting per-domain, Chrome has announced it will allow some limited flexibility for whitelisting by keys, to support organizations with managed CAs for a set of domains. This was part of why Chrome deferred from requiring CT to April 2017.
In Chrome at least, which is currently the only browser that checks CT, enterprises already have this capability via enterprise policies, which do not require the installation of a specific root CA. I.e. they can turn off the CT requirement for particular roots. In addition to the existing policies that allow whitelisting per-domain, Chrome has announced it will allow some limited flexibility for whitelisting by keys, to support organizations with managed CAs for a set of domains. This was part of the reason why Chrome deferred the date for requiring CT to April 2018.


=== Concealing Network Topography ===
=== Concealing Network Topography ===
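Review bot: the substantive change in this hunk is the date fix (April 2017 to April 2018 for Chrome's deferred CT requirement), and the edit summary "More tweaks" does not mention it; a reader skimming the history will miss that a factual date was corrected, so the summary should say so. Two smaller points on the same paragraph: "I.e. they can turn off the CT requirement for particular roots" opens a sentence with an abbreviation and reads better as "That is, they can turn off the CT requirement for particular roots"; and "Chrome has announced it will allow some limited flexibility for whitelisting by keys" reports a plan without a reference, so a link to the announcement would let the claim be checked and dated, which matters because "currently the only browser that checks CT" will go stale.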
Line 42: Line 42:


For some IoT devices (cameras, sensors, etc.), geolocation information is very sensitive. However, IoT manufacturers may want to put geolocation information into the certificate to make management of large numbers of devices easier. This leads to a desire for redaction so the attacker does not have both the server's addressable name and its location.
For some IoT devices (cameras, sensors, etc.), geolocation information is very sensitive. However, IoT manufacturers may want to put geolocation information into the certificate to make management of large numbers of devices easier. This leads to a desire for redaction so the attacker does not have both the server's addressable name and its location.
===== Response =====
This point assumes that the IoT will be using publicly trusted certificates.


=== Logging Reveals Commercially Sensitive Information ===
=== Logging Reveals Commercially Sensitive Information ===
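Review bot: the added response "This point assumes that the IoT will be using publicly trusted certificates." names the assumption but not why it defeats the argument, so the reader has to infer the step; spell out the consequence, namely that a device fleet issued from a private CA is not subject to the CT logging requirement for publicly trusted roots at all (the Chrome policy paragraph earlier on the page already notes that CT enforcement can be turned off for particular roots), so there is nothing for redaction to hide in that case. Also "the IoT" is awkward as a subject; "IoT devices" matches the wording of the point being answered.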
Line 50: Line 54:
===== Response =====
===== Response =====


* How? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged.
* How would redaction help? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged.
* Wildcard certificates would suffice for new unreleased services even when being tested publicly. Those could be replaced with fully-qualified certificates (including EV if desired) when the service is announced.
* Wildcard certificates would suffice for new unreleased services even when being tested publicly. Those could be replaced with fully-qualified certificates (including EV if desired) when the service is announced.
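Review bot: capitalization: after the rewording to "How would redaction help?" the following "even if we grant for the sake of discussion..." is now a new sentence and should begin with a capital "Even". On the second bullet, "Wildcard certificates would suffice for new unreleased services" deserves a qualifier: a wildcard hides only the left-most label, so the registered domain, and any product or brand name it carries, is still logged; the bullet holds when the sensitive part is the host label, which is the case this section is arguing about, and saying so would preempt the obvious objection.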

