
On 01/01/2012 09:09 PM, Aaron Cannon wrote:
> If a government agency wanted to read the encrypted traffic to and from gutenberg.org, would an EV certificate be significantly harder to compromise than a cheap domain verified cert? As far as I know, there is no cryptographic difference between the two types of certs. The only difference is in the price and the steps you have to go through to prove your identity when acquiring the certificate.

The difference is in the chain of trust. While there never can be 100% certainty, the shorter the chain is, and the stronger the links are, the greater the chance you will get away with it. And that can be a matter of life and death in some jurisdictions.

If you need a high degree of certainty that you are indeed connected to the real PG site, you should not trust any browser bar colors, you should examine the certificate's chain of trust.

Now if we get a certificate from Verisign the chain will be:

- browser-installed Verisign certificate
- Verisign Inc.
- Project Gutenberg

A user in (let's say) Iran will have the certainty that no authority outside the US is in the chain of trust. That's enough security for an Iranian that wants to download Karl Marx. (It may not be enough for a US citizen wanting to download Karl Marx because US officials may very well have colluded with Verisign and tampered with the DNS system.)

If instead we buy a certificate from discounter X:

- the chain will be longer and contain unknown CA names, thus will be much harder to scrutinize for security
- any CA on the chain of trust may have been tampered with, with catastrophic consequences.

Ironically the very CA that issues those cheap $9 "certificates" has been tampered with, probably by the Iranian government:

http://en.wikipedia.org/wiki/Comodo_Group#Breach_of_security

--
Marcello Perathoner
webmaster@gutenberg.org
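
What examining the chain of trust amounts to in code, as an added example that is not part of the original message: Go's standard `crypto/x509` verifies a leaf against chosen roots and lists every CA on the verified path. The hierarchy, the CA names and the helpers `issue` and `chainNames` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed (made-up) test certificate; nil parent = self-signed root; CA iff ku has CertSign.
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pkey ed25519.PrivateKey, sans ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: sans, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: ku, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// chainNames verifies leaf for host and returns each subject on the verified path, leaf first.
func chainNames(leaf *x509.Certificate, host string, roots, inters *x509.CertPool) (names []string, err error) {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters})
	if err != nil {
		return nil, err
	}
	for _, c := range chains[0] {
		names = append(names, c.Subject.CommonName)
	}
	return names, nil
}

func main() {
	root, rk := issue("Constructed Root CA", x509.KeyUsageCertSign, nil, nil)
	sub, sk := issue("Constructed Reseller CA", x509.KeyUsageCertSign, root, rk)
	leaf, _ := issue("www.example.org", x509.KeyUsageDigitalSignature, sub, sk, "www.example.org")
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(sub)
	fmt.Println(chainNames(leaf, "www.example.org", roots, inters))
}
```

Every name the function returns is a party that has to be trusted for the connection; restricting `roots` to the one expected CA makes a certificate issued under any other root fail verification.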