[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: editorial on Photuris
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
A6fe0hqFROJGqdI5VoNSKgJbwRyB8ZCyOOrweEc6tjWLnGlu4/7NGqUa+Kjtv7AI
2oZojCJHKRXTRfjOP1DmDOs=
Paul Leach wrote:
> Charles said:
> ] True, but to the user neither:
> ]
> ] Charles.Watt@sware.com
> ] sware.com
> ] ga.gov
> ]
> ] nor
> ] CN=Charles Watt, O=SecureWare, C=US
> ] O=SecureWare, C=US
> ] O=Georgia Certificate Authority, C=US
> ]
> ] are as effective as a more formatted display. If you need to reformat
> ] anyway, what's the difference?
> ]
>
> Reformatting for UI purposes is not the issue. If I make a connection to
> www.sware.com
> using (e.g.) SSL or PCT, and the certificate comes back and proves I've
> just contacted "O=SecureWare, C=US", have I contacted the correct
> server, or not? I can't determine this automatically in my browser (or
> better yet, in the secure connection layer), and if the user is relied
> upon to decide, then if I'm a spoofer, I'll for sure pick a name that
> is as close as possible to the one I'm spoofing so as to fool users
> into saying that it is the name to which they were trying to connect.
>
> My principle: if you're making a secure connection to a DNS-named
> entity, then the certificate MUST bind its DNS name to its key.
> (Something that can be trivially and algorithmically mapped to a DNS
> name would be OK -- but I've never seen anyone present an X.509
> example, real or hypothetical, where that's true. One post to this
> list (or pkix -- I forget) showed the DN in a Verisign certificate of a
> real SSL-using web site, and the relation between its DN and it DNS
> name was not even as close as Charles' example above. The DN named the
> parent corporation of the entity that ran the web site...)
You are quite correct that establishing trust is the single most important
issue for any public key infrastructure. However, deriving trust from the
name, whether using DNs or domain names is foolish at best. I can spoof
DNS servers, can't you? At this time the only secure method (of which I
am aware) that has been suggested for establishing trust for public key
operations is to cryptographically link an unknown Name/Key binding to some
established Name/Key binding that you implicitly trust.
X.509 specified a very general approach to solving this problem, an approach
that was too general to be of any use. Finding an approach that works well
in various operational environments is difficult, and has been the subject
of much debate. This is the most significant difference between PGP and PEM.
It, not the horrid encoding format, is the fundamental problem slowing
X.509 deployment. It is the problem that any replacement for X.509
would have to solve. And it is the problem that the pkix working group
is wrestling with.
Charles Watt
SecureWare
-----END PRIVACY-ENHANCED MESSAGE-----
References: