[caops-wg] Name Constraints - attempt at framing issues

[Von Welch]

Bob,
I'll try to make it more concrete.

CA1's policy is that it issues certificates with DNs starting with  
"A", Alice is one such certificate.
CA2's policy is that it issues certificates with DNs starting with  
"B", Brett is one such certificate.
A relying party trusts both CA1 and CA2, and grants privileges to  
Alice and Brett.

If CA1 is compromised, then CA1's key could be used to forge a  
certificate for Alice and the relying party compromised.

If CA1's key is also used to forge a certificate for Brett (even  
though this is outside  what CA1 such be signing). Are we concerned  
about the additional threat that the forged Brett certificate could  
also be used by the entity that compromised CA1 to further compromise  
the relying party?

Von


On Oct 13, 2005, at 9:23 PM, Cowles, Robert D. wrote:

>
>
>> 3) If a CA is compromised, given currently implementations,
>> this will
>> result in the compromise of all certificates issued by that CA. An
>> additional threat that a CA compromise would result in, is the
>> compromise of privileges bound to certificates issued by other CAs,
>> at relying parties that trust the compromised CA. Is this threat of
>> concern to us?
>>
>>
>>
>
>
> Von -- can you describe this? I can't figure out what this means.
>
> BC
>
>