[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one possible motivation for X.509
At 12:35 PM 7/19/96 -0500, Rik Drummond wrote:
>>I have to get that mapping over a secure channel. If I have to go to that
>>trouble, then I can get the public key hash rather than the DN over that
>>channel and I won't have needed the DN.
>
>Nice discussion....Why do I need to "get the that mapping over a secure
>channel"? The point is not clear to me.....later...Rik
Thanks for the question, Rik -- nice practice for next week's talk :)
The premise we guard against with identity certificates is the one of a man
in the middle who controls *all* channels between me and my other person and
is able to impersonate that other person at will and in real time. If you
violate those assumptions, then you've allowed a way for us to exchange
public keys.
If you keep to those assumptions, then Mallet (in the middle between Alice
and Bob) can direct Alice to the wrong DN -- one Mallet created to
impersonate Bob or one belonging to some other Bob whom Mallet paid off.
I agree that this kind of attack assumes Mallet has a huge amount of power
-- but that's the assumption under which certificates are needed in the
first place.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+