[liberationtech] [guardian-dev] An email service that requires GPG/PGP?

[Seth David Schoen]

Tim Prepscius writes:

> We want to get to a state where an e-mail server is easy to set up.
> And runs with *non governmental* issued ssl certificates.

I think this might reflect a misperception of the threat model around
misissuance of certificates.

If you think governments are likely to use their own CAs for spying by
issuing fraudulent certificates, you want to remove trust for those
CAs _in your web browser_.  Having a valid, correct, and publicly issued
certificate from such a CA does not make the CA operator any more able
to spy on you.

There was a lot of concern when CNNIC became a root CA in mainstream
browsers because of the perception that the Chinese government could
force CNNIC to misissue certificates to facilitate surveillance.  But
this risk would be a reason for users not to trust the CNNIC root in
their browsers, not directly a reason for sites to avoid getting certs
from CNNIC.  The cert isn't some kind of poison for private
communications that use it, it's just a way of telling browsers that your
key is OK to use.  If you have a cert that tells browsers that your key
is OK to use and the browsers will accept it and you agree with the
contents of that cert, the cert is fine for you to use on your site.

The risk to me from, say, CNNIC is that even though I use a cert from
StartCom, CNNIC will secretly misissue a different cert for my site
containing a public key controlled by the Chinese government, and then
the government can use that to spy on some users who communicate with
my site.  The risk is not that I would ask CNNIC's CA for a cert for my
site containing my actual public key and that they would say yes and give
it to me. :-)

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107