[Discuss] Why the dislike of X.509?
Richard Pieri
richard.pieri at gmail.com
Fri Aug 29 11:00:26 EDT 2014
On 8/29/2014 8:23 AM, Matthew Gillen wrote:
> My understanding (and it's possible I made this up, I can't seem to find
> any supporting documentation with a cursory search of the intertubes) is
> that the main approach to dealing with CA compromises is to use
> chaining: you have the root CA(s) locked up and offline in high
> security.
That's how we expect X.509 root CAs to operate. Problem is, X.509 has no
mechanism to verify that the root CA that is allegedly locked up,
offline, in a secure vault has not been compromised. We are required to
trust that, for example, the SSL root certificates are good solely on
the say-so of companies that care more about their public images and
stock prices than about their customers' security.
--
Rich P.