Re: Man in the middle attacks

At 21:18 3/7/96, Tony Bartoletti wrote:

>I am very interested in seeing Carl Ellison's promised formalization of
>short-term certificates vis-a-vis CRL's in this light.  As I understand it,
>the CA would reissue (or fail to reissue) a new short-term cert to the
>transaction initiator (key-holder) at the time of the attempted
>to the same (semantic) effect.

OK.  I have a few projects for work-work which are taking precedence, but
I'll keep this formalization on the stack.  It's not that hard.

>As long as there are lawyers and high-risk transactions, Key-Centricity may
>have to resolve to CBU(Carbon-Based-Unit)-Centricity somewhere up the chain,
>although the resolved identity may be that of some liability-bearing agent
>rather than that of the key-holder/presenter.

You're right.  However, that binding to CBUs may exist in a private
corporate database rather than in a public certificate structure.  For
example, several corporations consider their employee lists company
confidential and employees are warned to shred old ones and never to give
such lists to outsiders.  This habit sounds a little inconsistent both with
X.500 and X.509.  Rather, I can imagine such companies keeping an internal,
private list binding CBUs to keys and issuing key-centered certificates to
the outside world which give no indication of employee name.

 - Carl

