
Re: Private keys and the emperor's clothes



At 11:19 AM 6/21/96 -0600, Bob Jueneman <bjueneman@novell.com> wrote:
>In a private message commenting on the risk of two private keys being
> generated that would match, the author made some 
>observations that I think are worth commenting on:
>
>> ...a hierarchy could detect
>>collisions more easily than could web-crawler-type technology 
>>searching globally distributed uncoordinated directories.  
>>But once one were detected what do you do?  You either need 
>>to have the CAs generate the private keys (clearly undesirable) 
>>or you have the CA notify the principal that somewhere in the world
>> there is someone he can spoof (also not desirable).

You could also have the CA revoke the certification and notify the holder.
It's a shade brutal, but does the job.  [Sigh...]

>But let me poke gently at another of your assumptions, 
>that it would be "clearly undesirable" to have the CA generate 
>the private key. This may be a sacred cow, but why is this necessarily so?

>[... legal/fiduciary relationship discussion...]
>[... discussion of insecurity of key generation by typical user
>        vs. economically-mandated better security at CA ...]

If the user's DOS-PC-running-Java-on-the-Internet is vulnerable
during key generation, it's also vulnerable during use, 
and it's also vulnerable during data transfer from the CA to the user.
In a less drafty environment, where the user's machine is tolerably secure,
the transfer stage is still somewhat vulnerable.

>This just reinforces the point that it is necessary to look at the 
>_entire_ system when evaluating the overall strength and weakness 
>of an approach, not just particular components. 
>This, of course, is a tough job. Sigh.

Yup.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!
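An added illustration, not part of Bill Stewart's or Bob Jueneman's message: the "two private keys that match" risk that opens the thread can be put into numbers with the birthday bound, and the collision check a CA hierarchy could run is a few lines. The example assumes 128-bit random key material (an assumption made here, not in the thread) and uses a constructed weak generator, in which each key is a hash of a seed with only a few bits of entropy, as a stand-in for the poorly seeded user machine the quoted discussion worries about. For keys with full entropy the collision probability is negligible at any realistic population size, so a collision that does turn up is evidence of a broken generator rather than bad luck.

```python
"""Birthday-bound view of the "two private keys that match" risk.

Added illustration, not code from the thread. Assumptions (not in the
original): key material is modelled as 128-bit random values, and the
"weak" generator is a constructed stand-in for a user machine with little
entropy, where each key is derived from a seed of only a few bits.
"""
import hashlib
import math
import os
import random

KEY_BITS = 128  # assumed size of the random key material (illustrative)


def birthday_collision_probability(n_keys: int, key_bits: int) -> float:
    """P(at least one collision) among n_keys uniform key_bits-bit values,
    using the standard approximation 1 - exp(-n(n-1)/2^(key_bits+1))."""
    exponent = -(n_keys * (n_keys - 1)) / 2 ** (key_bits + 1)
    return -math.expm1(exponent)  # = 1 - exp(exponent), accurate for tiny results


def keys_for_half_collision_probability(key_bits: int) -> float:
    """Number of keys at which P(collision) reaches 1/2: sqrt(2^(key_bits+1) * ln 2)."""
    return math.sqrt(2 ** (key_bits + 1) * math.log(2))


def generate_keys_weak_seed(n_keys: int, seed_bits: int, rng_seed: int = 0) -> list:
    """Constructed weak generator: every key is a hash of a seed_bits-bit seed.
    Hashing stretches the seed to KEY_BITS but adds no entropy, so the
    effective key space is only 2**seed_bits, however long the key looks."""
    rng = random.Random(rng_seed)  # deterministic so the demo is reproducible
    keys = []
    for _ in range(n_keys):
        seed = rng.getrandbits(seed_bits)
        digest = hashlib.sha256(seed.to_bytes(8, "big")).digest()
        keys.append(digest[: KEY_BITS // 8])
    return keys


def generate_keys_strong(n_keys: int) -> list:
    """Keys drawn from the OS CSPRNG: full KEY_BITS of entropy each."""
    return [os.urandom(KEY_BITS // 8) for _ in range(n_keys)]


def find_collisions(keys: list) -> dict:
    """The centralised check a CA hierarchy could run over the keys it has
    certified: map each key value that appears more than once to the
    indices (certificate holders) sharing it."""
    holders = {}
    for index, key in enumerate(keys):
        holders.setdefault(key, []).append(index)
    return {key: idx for key, idx in holders.items() if len(idx) > 1}


if __name__ == "__main__":
    n = 2000
    print(f"P(collision) for {n} true {KEY_BITS}-bit keys: "
          f"{birthday_collision_probability(n, KEY_BITS):.3e}")
    print(f"P(collision) for {n} keys from a 16-bit seed: "
          f"{birthday_collision_probability(n, 16):.6f}")
    print(f"Keys needed for 50% collision odds at {KEY_BITS} bits: "
          f"{keys_for_half_collision_probability(KEY_BITS):.3e}")
    weak = find_collisions(generate_keys_weak_seed(n, 16))
    strong = find_collisions(generate_keys_strong(n))
    print(f"Weak-seed keys colliding: {len(weak)} distinct values")
    print(f"CSPRNG keys colliding:    {len(strong)} distinct values")
```

Running it shows the two regimes side by side: two thousand keys derived from 16-bit seeds collide dozens of times even though each key is 128 bits long, while two thousand keys from the OS CSPRNG never do, and the bound says roughly 2e19 such keys would be needed before a collision became an even bet. The check itself is trivial once the keys are in one place, which is the "hierarchy can detect collisions" point from the quoted text; what the numbers add is that a positive result should be treated as a generator failure, and the revocation Bill suggests is then the only sensible response.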