Re: Man in the middle attacks
Because of the volume of messages recently, I have not followed this thread as
closely as I perhaps should have.
However, it seems to me that the discussion has been excessively narrow, and
involves only person-to-person e-mail types of interactions. The entire notion
of key-centric identification falls apart, IMHO, when you start looking at
certificates for clients and servers, for electronic commerce, and other
applications where a human has not been involved in a series of transactions.
>Keys and signatures solve persistence of identity.
Agreed. And even an anonymous persona "certificate" or bare keys is sufficient
for this purpose, once some notion of identity has been established. And vis a
vis the CRL issue, the only reason for revoking a key in this case is the
suspected compromise of that key (or just a change of keys for the sake of
prudence). Reporting such a compromise through the CA, and making use of the
CA's CRL mechanism is one way to solve this problem, but since it is the
rightful key holder who wants to revoke the key, there may be other ways of
implementing this function.
>Certificates are intended to solve consistency of identity.
I'm not sure what that means. Consistency with what? Perhaps consistency with
the "real world"?
It might be a bit of a reach, but I think that I could claim that certificates
provide a mechanism for some third party to provide confirmation to a relying
party as to the "role" that the user who possesses the corresponding private
key claims to have. This role may be implicit, by virtue of the name (an
address, etc., if present), or it may be explicit in the case of a role name
or particular credential that is included in the certificate by the CA.
With respect to the CRL issue, assuming that people are not egregiously
careless with their keys, the most common reason for a CRL in this environment
is the change of status: the person who is identified is no longer at that
address, is no longer a member of the organization, or no longer has the role
capability that was previously assigned. In this case the key holder has
nothing whatsoever to say about the revocation, as it is performed unilaterally
by the CA to protect the CA (and any relying parties) _from_ the key holder,
who might want to abuse her former privilege.
>Jon Lasser (410)494-3072 - Obscenity is a crutch for
>firstname.lastname@example.org inarticulate motherfuckers.
>Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
[I agree with the sentiment, but not the tasteless means of expressing it.]
Robert R. Jueneman
40 Sylvan Road
Waltham, MA 02254
"The opinions expressed are my own, and may not
reflect the official position of GTE, if any, on this subject."
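Added example (not from the post or its author): a toy relying-party check that models the two points above, a CA confirming a "role" claim bound to a key, and a CRL entry that ends up in the same place whether the key holder reported a compromise or the CA withdrew the role unilaterally. Constructed simulation only: an HMAC under a CA secret stands in for the CA's signature, keys are opaque strings, and the reason codes are the RFC 5280 CRL reason codes for these cases.

```python
import hashlib
import hmac
import json

# CRL reason codes from RFC 5280 section 5.3.1 for the two cases the post contrasts
KEY_COMPROMISE = 1        # reported by the rightful key holder
AFFILIATION_CHANGED = 3   # imposed by the CA: holder no longer in the organization
PRIVILEGE_WITHDRAWN = 9   # imposed by the CA: role capability removed
REASONS = {KEY_COMPROMISE: "keyCompromise",
           AFFILIATION_CHANGED: "affiliationChanged",
           PRIVILEGE_WITHDRAWN: "privilegeWithdrawn"}

def ca_sign(ca_secret, obj):
    # HMAC over a canonical encoding stands in for the CA's signature (simulation only)
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(ca_secret, body, hashlib.sha256).hexdigest()

def ca_verify(ca_secret, signed):
    body = {k: v for k, v in signed.items() if k != "sig"}
    return hmac.compare_digest(signed["sig"], ca_sign(ca_secret, body))

def issue_cert(ca_secret, serial, subject, role, pubkey, not_after):
    # The CA binds a key to a name and an explicit role claim
    cert = {"serial": serial, "subject": subject, "role": role,
            "pubkey": pubkey, "not_after": not_after}
    return {**cert, "sig": ca_sign(ca_secret, cert)}

def issue_crl(ca_secret, revoked):
    # revoked maps serial -> reason code; only the CA can produce a valid CRL
    crl = {"revoked": {str(s): r for s, r in revoked.items()}}
    return {**crl, "sig": ca_sign(ca_secret, crl)}

def verify_role(cert, crl, ca_secret, now, expected_role):
    """Relying-party check: CA signature, validity period, CRL status, then the role claim."""
    if not ca_verify(ca_secret, cert):
        return False, "bad CA signature on certificate"
    if not ca_verify(ca_secret, crl):
        return False, "bad CA signature on CRL"
    if now > cert["not_after"]:
        return False, "certificate expired"
    reason = crl["revoked"].get(str(cert["serial"]))
    if reason is not None:
        return False, "revoked: " + REASONS.get(reason, str(reason))
    if cert["role"] != expected_role:
        return False, "role mismatch: " + cert["role"]
    return True, "ok"
```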