Re: Man in the middle attacks

Because of the volume of messages recently, I have not followed this thread as 
closely as I perhaps should have.

However, it seems to me that the discussion has been excessively narrow, and 
involves only person-to-person e-mail types of interactions. The entire notion 
of key-centric identification falls apart, IMHO, when you start looking at 
certificates for clients and servers, for electronic commerce, and other 
applications where a human has not been involved in a series of transactions.

>Keys and signatures solve persistence of identity. 

Agreed. And even an anonymous persona "certificate" or bare keys is sufficient 
for this purpose, once some notion of identity has been established. And vis a 
vis the CRL issue, the only reason for revoking a key in this case is the 
suspected compromise of that key (or just a change of keys for the sake of 
prudence). Reporting such a compromise through the CA, and making use of the 
CA's CRL mechanism is one way to solve this problem, but since it is the 
rightful key holder who wants to revoke the key, there may be other ways of 
implementing this function.

>Certificates are intended to solve consistency of identity.

I'm not sure what that means. Consistency with what? Perhaps consistency with 
the "real world"?

It might be a bit of a reach, but I think that I could claim that certificates 
provide a mechanism for some third party to provide confirmation to a relying 
party as to the "role" that the user who possesses the corresponding private 
key claims to have.  This role may be implicit, by virtue of the name (and 
address, etc., if present), or it may be explicit in the case of a role name 
or particular credential that is included in the certificate by the CA.

With respect to the CRL issue, assuming that people are not egregiously 
careless with their keys, the most common reason for a CRL in this environment 
is the change of status. The person who is identified is no longer at that 
address, is no longer a member of the organization, or no longer has the role 
capability that was previously assigned. In this case the key holder has 
nothing whatsoever to say about the revocation, as it is performed unilaterally 
by the CA to protect the CA (and any relying parties) _from_ the key holder, 
who might want to abuse her former privilege.

>Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
>jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
>Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.

[I agree with the sentiment, but not the tasteless means of expressing it.]


Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254

"The opinions expressed are my own, and may not 
reflect the official position of GTE, if any, on this subject."