[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work

To: Derek Atkins <warlord@mit.edu>
Subject: Re: IPsec near term work
From: Stephen D Crocker <crocker@tis.com>
Date: Wed, 02 Feb 94 18:18:46 +0000
Cc: Phil Karn <karn@qualcomm.com>, ipsec@ans.net
In-Reply-To: Your message of "Wed, 02 Feb 94 18:11:20 EST." <9402022311.AA17742@toxicwaste.media.mit.edu>

> > Our implementation does not match PGP's web of trust completely.  I'm
> > not sure I understand all of the implications of a web of trust.  But
> > the general thrust of our work here is to attempt to deal with a
> > larger range of models for precisely the same reasons you have in
> > mind.
> 
> I've been trying to come to grips with this myself, Steve.  I've sat
> down with a number of people and tried to explain how this works, each
> time beginning to understand it better myself.  One of the major
> differences with the web is that a certificate can have any number of
> signatures on it, and also it means that *ANYONE* can become a
> certification authority.

Right.  I don't believe that the limited extensions we've put in
TIS/PEM match the entire set of capabilities in PGP.

> Since trust is not automatically transitive without setting individual
> trust parameters, it has, without any changes, become a cryptographic
> equivalent of TIS/PEM.

I assume you're speaking about PGP.  Unfortunately, I'm not familiar
with the detailed controls of PGP.

> However, if I understand TIS/PEM properly, when you trust a
> certificate, you don't sign it yourself -- rather, you just stick a
> bit in the database that says you trust it.  (Please correct me,
> possibly in private email, if I am wrong here -- I haven't looked at
> the code myself).

That's right.

> However, since you can have multiple signatures, this means that you
> can be signed by any number of "CA"'s, each of which may or may not
> trust one another, and it puts a cryptographic mark on the certificate
> to show to yourself and others that this trust exists.

Hmmm... I'm not sure how this relates to the previous text.  One can
have multiple signatures, but we don't have much experience with them.
I believe the current implementation of TIS/PEM doesn't handle
multiple certificates very well.


> I realize that these aren't *all* the implications -- I'm sure that
> even Phil Zimmermann doesn't understand *all* the implications -- but
> I hope I've shed some light it a little.

One of the criticisms of the web of trust model in PGP is that it's
hard to characterize precisely what the properties are.  Theorems,
anyone?

I'm not suggesting that lack of formal rigor invalidates it
completely, but it's not unreasonable to worry about such things as we
scale up our use of certificates.


Steve

Follow-Ups:

Re: IPsec near term work

From: "Perry E. Metzger" <pmetzger@lehman.com>

References:

Re: IPsec near term work

From: Derek Atkins <warlord@MIT.EDU>

Prev by Date: Re: IPsec near term work
Next by Date: Re: IPsec near term work
Prev by thread: Re: IPsec near term work
Next by thread: Re: IPsec near term work
Index(es):
- Main
- Thread