[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIST involvement in PKI

Hal Finney wrote:
>This is the first I have heard that SPKI is only for authentication.
>Surely the Simple Public Key Infrastructure it creates could be used for
>secrecy as well.  I had though that one purpose of SPKI was to allow
>people to have confidence that the keys they are selecting for encrypting
>messages are the right ones to use.
>Or do you mean that SPKI really only describes the formats of the
>certificates that are used to authenticate keys in different ways, and
>what the users then do with these authenticated keys is outside the scope
>of the spec?
>>         What I need to find out is whether NSA would applaud the export of
>> source code for authentication-only applications without the crypto
>> routines.  I believe they would, but I don't know what kind of approval
>> process there is.
>Unless I am mistaken and there is something about SPKI which makes it
>impossible to use the keys it authenticates for encryption, I doubt that
>the NSA would like to see anything spread which could facilitate the safe
>and easy use of encryption.
>Hal Finney

My understanding of the State/NSA proscriptions on crypto export is that
any technology that *directly* supports (strong) "data hiding" is prohibited.
Clearly, DES is (at present) prohibited.

Suppose I sent you a secret (plaintext) message by carrier pidgeon.  You
receive the message, but wonder if it may have been tampered with.  I could
later send you a signed hash of the message, and using SPKI you could verify
that the hash, and hence the original message, was not tampered with.

Similarly, I could have sent you a DES key by carrier pidgeon, and later you
could verify that this was still the "operant" key by my electronic
transmission of a signed key hash.  In the broad sense, this could be said to
be "facilitating" encryption, but it is not data-hiding.  Sending you a
signed hash of a DES key is not the same as sending you the DES key itself.
All you can do is authenticate that a DES key already in your possession is
still "good".

Of course, one can perform trivial shared-secret calculations on DSA keys
generated from a set of common parameters (p,q,g). The pairwise shared-secret
can then be used to DES encrypt a random session key that in turn may be used
for DES data-hiding.  But I believe these kinds of operations are possible on
all public key schemes.  It is outside the charter of SPKI to police what
codes users may write to manipulate the PKI keys once they are in hand.

If the SPKI code spec is limited to defining certificate exchange and related
authentication, I believe that there is no real obstacle to exportation.

Best Regards,  ___TONY___

Tony Bartoletti                                             LL
SPI Project Leader                                       LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL