
Re: Man in the middle attacks



At 10:18 3/7/96, Jueneman@gte.com wrote:
>The entire notion
>of key-centric identification falls apart, IMHO, when you start looking at
>certificates for clients and servers, for electronic commerce, and other
>applications where a human has not been involved in a series of transactions.

To the contrary, the key-centered certification comes naturally from
electronic commerce needs.

Take, for example, my bank account.  I go to my bank today and open an
account.  I give them my SSN and sign a form.  They give me an account
number.

Given digital signatures, I still go to them, give them my SSN and
digitally sign a form.  They give me an account number.  They keep, in a
database of their own [rather than some CA's database] my name, SSN, public
key and whatever other identifying information they need to feel warm and
fuzzy about tracking me down in case of fraud.  They create an attribute
certificate signing my public key and giving it permission to sign
electronic checks on the indicated bank account.  They sign it with their
own signature key.  Meanwhile, the banks in a region get together to
certify one another's keys and my bank gives me not only my own attribute
certificate but a signed certificate pointing me at the regional CA which
my bank trusts to identify other banks.

All of these are key-centered certificates.  There is no global CA
hierarchy involved.

>>Keys and signatures solve persistence of identity.
>
>Agreed. And even an anonymous persona "certificate" or bare keys is sufficient
>for this purpose, once some notion of identity has been established.

Yes -- some notion of identity must be established.

My point with key-centered certificates is that if you have a public key,
you have a notion of identity immediately.  "The person(s) who can sign
challenges that can be verified with this public key" is a statement of
identity -- a more solid one than "an American male answering to the name
Carl Ellison".  That implicit identity needs no CA.  It lacks some things
[like a common name] but for many things, like electronic commerce,
clients/servers, capabilities [ala Lampson], ....

 - Carl


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+
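
The bank-account scenario in the message above, as an added example that is not part of the original post: a bank signs an attribute certificate that grants a public key permission to sign checks on one account, and a verifier accepts a check knowing only the bank's public key. The field names, account number and helper functions are assumptions made for illustration, and the signature scheme is textbook RSA over fixed Mersenne primes, a toy that only keeps the sketch dependency-free.

```python
import hashlib, json

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1. NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public n, private d)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    n, d = key
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue_attribute_cert(bank_key, subject_n, account):
    # The bank names a key, not a person: "this key may sign checks on this account".
    body = {"issuer": bank_key[0], "subject": subject_n,
            "permit": "sign-checks", "account": account}
    return {"body": body, "sig": sign(encode(body), bank_key)}

def write_check(key, account, payee, amount):
    body = {"signer": key[0], "account": account, "payee": payee, "amount": amount}
    return {"body": body, "sig": sign(encode(body), key)}

def accept_check(check, cert, trusted_bank_n):
    """The verifier holds only the bank's public key; no name or global CA is consulted."""
    c, b = cert["body"], check["body"]
    return (c["issuer"] == trusted_bank_n
            and verify(encode(c), cert["sig"], trusted_bank_n)
            and c["permit"] == "sign-checks"
            and c["subject"] == b["signer"]
            and c["account"] == b["account"]
            and verify(encode(b), check["sig"], b["signer"]))

# Constructed sample keys and account number.
BANK, CUSTOMER, OTHER = keypair(521, 607), keypair(127, 107), keypair(89, 61)
CERT = issue_attribute_cert(BANK, CUSTOMER[0], "ACCT-0001")
CHECK = write_check(CUSTOMER, "ACCT-0001", "merchant", 25)
```

The name and SSN from the message never appear in the certificate or the check; they stay in the bank's own database, and the verifier's decision rests entirely on the two signatures and the key binding.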