Re: Private keys and the emperor's clothes
At 11:19 AM 6/21/96 -0600, Bob Jueneman <firstname.lastname@example.org> wrote:
>In a private message commenting on the risk of two private keys being
>generated that would match, the author made some
>observations that I think are worth commenting on:
>> ...a hierarchy could detect
>>collisions more easily than could web-crawler-type technology
>>searching globally distributed uncoordinated directories.
>>But once one were detected what do you do? You either need
>>to have the CAs generate the private keys (clearly undesirable)
>>or you have the CA notify the principal that somewhere in the world
>>there is someone he can spoof (also not desirable).
You could also have the CA revoke the certification and notify the holder.
It's a shade brutal, but does the job. [Sigh...]
>But let me poke gently at another of your assumptions,
>that it would be "clearly undesirable" to have the CA generate
>the private key. This may be a sacred cow, but why is this necessarily so?
>[... legal/fiduciary relationship discussion...]
>[... discussion of insecurity of key generation by typical user
>vs. economically-mandated better security at CA ...]
If the user's DOS-PC-running-Java-on-the-Internet is vulnerable
during key generation, it's also vulnerable during use,
and it's also vulnerable during data transfer from the CA to the user.
In a less drafty environment, where the user's machine is tolerably secure,
the transfer stage is still somewhat vulnerable.
>This just reinforces the point that it is necessary to look at the
>_entire_ system when evaluating the overall strength and weakness
>of an approach, not just particular components.
>This, of course, is a tough job. Sigh.
# Thanks; Bill
# Bill Stewart +1-415-442-2215 email@example.com
# Dispel Authority!