[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: global names are a security flaw
On Thu, 4 Dec 1997, Carl Ellison wrote:
-> -----BEGIN PGP SIGNED MESSAGE-----
-> In Subj: Re: I-D ACTION:draft-ietf-spki-cert-theory-00.txt
-> At 09:38 AM 12/3/97 -0200, Ed Gerck wrote:
-> >The SPKI document stresses that global names would mean a "security flaw"
-> >and I understand you agree that this is incorrect because it is not a
-> >"security flaw".
-> The security flaw shows up if the name is ever used as an identifier of a
-> flesh and blood person. For example,
-> .... snip, example
My fingerprint, retina scan and DNA sequence and are three examples of
global names. Their existence would never mean a security flaw -- on the
contrary, they may allow myself to prove innocence in court. Conversely,
to pick a simple example (cf Bohm), if a man charged with a crime is seen
on video footage committing it, and has the same DNA and fingerprints of
which evidence was found at the scene, his birth name and place of birth
are irrelevant: he has been identified as the criminal by his global
"names": fingerprints and DNA.
Your example, on the other hand, has nothing to do with global names and
would just as well "work" with local names. Your example is just an
instance of a poor protocol.
-> To correct this flaw, one needs to do two things for global names -- both of
-> which we have done in SPKI
Now, wait. SPKI has done away with global names! That's what is written in
the very SPKI proposal I was originally commenting on:
- -> The working group has found that the creation of a globally unique
- -> name is neither necessary nor sufficient for Internet security or
- -> electronic commerce. In fact, use of global names can introduce a
- -> security flaw. Therefore, we define certificate forms for binding
- -> local names to keys (to retain security while offering the
- -> convenience of meaningful names) and for assigning authorizations to
- -> keys (to provide adequate information for real applications). These
- -> forms can be used alone or together.
So, the SPKI proposal above clearly says that SPKI certs bind *local*
names to keys and, authorizations to keys -- while global names are not
-> by using the hash of the public key as a global
Using the hash of the public-key as a global name was done many years
ago by PGP, calling it the key's fingerprint, such as:
PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342
X.509 also does that, as we may recall.
Quite another point, is the benefit of doing so -- such as done in PGP to
make storage, transport and look-up easier or, by the MCG to avoid
key-escrow when using CA certification, while avoiding collisions.
-> 1. make the global name space sparse, so that typos won't get to someone
-> else's name
On the contrary, using the public-key hash actually increases the
probability of typos and collisions, as compared to the full public-key,
by making the global name space less sparse.
(this is actually a penalty for the benefits listed in my previous
-> 2. make sure there is no common name inside such a global name, or anything
-> else a human clerk might use to guess name ownership. ->
This is granted by the hash, such as no one could guess that the above
given PGP key fingerprint 08FF ... is yours (as it is).
Further, an entity's global name does not have to be singular (and, in
fact must not be singular unless you want to be anonymous), even though it
should be unique.
Besides the discussion above, the other points of my original comments
still remain -- as the inappropriateness of calling a local naming scheme,
such as SPKI, a PKI.
Dr.rer.nat. E. Gerck firstname.lastname@example.org