[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: global names are a security flaw
-----BEGIN PGP SIGNED MESSAGE-----
At 02:55 PM 12/4/97 -0200, Ed Gerck wrote:
>My fingerprint, retina scan and DNA sequence and are three examples of
>global names. Their existence would never mean a security flaw -- on the
>contrary, they may allow myself to prove innocence in court. Conversely,
>to pick a simple example (cf Bohm), if a man charged with a crime is seen
>on video footage committing it, and has the same DNA and fingerprints of
>which evidence was found at the scene, his birth name and place of birth
>are irrelevant: he has been identified as the criminal by his global
>"names": fingerprints and DNA.
I never denied the existence of unique ID possibilities -- only of human use
of those in daily life. We use names from small name spaces, probably
because our brains are wired that way.
>Your example, on the other hand, has nothing to do with global names and
>would just as well "work" with local names. Your example is just an
>instance of a poor protocol.
Of course it's a poor protocol. That's where security flaws come from. To
correct this protocol, we need to stop inducing the human guess that created
the flaw. A local name space defined by the issuer stops the guess.
Elimination of names entirely (or, stated differently, use of key hash
instead of name) eliminates the guessing more effectively. It changes the
protocol -- forcing the user to bring in his key hash or public key on a
floppy or at least a piece of paper with the hash written on it.
>-> To correct this flaw, one needs to do two things for global names --
>-> which we have done in SPKI
>Now, wait. SPKI has done away with global names! That's what is written in
>the very SPKI proposal I was originally commenting on:
We have tossed global names ala X.500. There are always global identifiers,
as you pointed out with fingerprints and DNA, and as we point out with
hashes of public keys: globally unique identifiers.
>Besides the discussion above, the other points of my original comments
>still remain -- as the inappropriateness of calling a local naming scheme,
>such as SPKI, a PKI.
To the extent that you buy into the talk of the last decade and assume a PKI
is a directory of globally unique names with keys attached, you are correct.
We don't buy that definition of PKI. We don't believe such a directory
is possible, necessary or desirable.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
-----END PGP SIGNATURE-----