SSL Certificates

George Herbert george.herbert at
Thu Feb 16 20:41:11 UTC 2012

On Wed, Feb 15, 2012 at 10:57 PM, Jimmy Hess <mysidia at> wrote:
> On Wed, Feb 15, 2012 at 6:49 PM, George Herbert
> <george.herbert at> wrote:
>> On Wed, Feb 15, 2012 at 4:17 PM, John Levine <johnl at> wrote:
>> The problem with anything related to Verisign at the moment is that
>> The possibility of their root certs being compromised is nonzero.
> The possibility of _ANY_  CA's root certs having been compromised is non-zero.
> There's no evidence published to indicate Verisign's CA key has been
> compromised,
> and it's highly unlikely.
> Just as there's no evidence of other CAs'  root certificate keys being
> compromised.

Please recall that this HAS happened to another CA in the last year.

>> There may be no problem; they also may be completely worthless.  Until
>> there's full disclosure...
> [snip]
> They are not completely worthless until revoked,  or distrusted by web browsers.

I think that's highly ass-backwards.

If it's been compromised and the compromise is not yet "fully known" -
revoked by the CA or distrusted by browsers - we exist in a nether
region where the customers connecting to "your" servers can be
transparently Man-in-the-Middle attacked.  If someone doing MiiM to
your customers would be a significant problem, then it's incumbent
upon you to not put your head in the sand when there's a
higher-than-normal risk that one CA may have A Problem.

The situation is in fact *worse* than "completely worthless".  In that
situation it has an active negative value.

This is complicated by the fact that you don't even need to be a
customer of that CA for that to be a risk.  If browsers trust that CA,
and that CA's keys are loose, then anyone with those can impersonate
anyone else on the net transparently.  But the fix for that revokes
the root cert and all the signed certs for that CA.  Immediately, if
the browser vendors response to the prior incident carries through to
a new one.  Buying new certs or continuing to use certs that have a
noticable risk of immediate revocation seems ... unwise.

Again - I don't know if it's been compromised.  The vendor is not
being forthcoming at that level of detail yet.  They are evidently
still trying to figure out how bad the penetration was.  That is not a
good sign, but does not automatically mean the worst by any means.

-george william herbert
george.herbert at

More information about the NANOG mailing list