[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: global names are a security flaw


At 02:55 PM 12/4/97 -0200, Ed Gerck wrote:
>My fingerprint, retina scan and DNA sequence and are three examples of
>global names. Their existence would never mean a security flaw -- on the
>contrary, they may allow myself to prove innocence in court.  Conversely,
>to pick a simple example (cf Bohm), if a man charged with a crime is seen
>on video footage committing it, and has the same DNA and fingerprints of
>which evidence was found at the scene, his birth name and place of birth
>are irrelevant:  he has been identified as the criminal by his global
>"names":  fingerprints and DNA. 

I never denied the existence of unique ID possibilities -- only of human use 
of those in daily life.  We use names from small name spaces, probably 
because our brains are wired that way.

>Your example, on the other hand, has nothing to do with global names and
>would just as well "work" with local names. Your example is just an
>instance of a poor protocol.

Of course it's a poor protocol.  That's where security flaws come from.  To 
correct this protocol, we need to stop inducing the human guess that created 
the flaw.  A local name space defined by the issuer stops the guess.  
Elimination of names entirely (or, stated differently, use of key hash 
instead of name) eliminates the guessing more effectively.  It changes the 
protocol -- forcing the user to bring in his key hash or public key on a 
floppy or at least a piece of paper with the hash written on it.

>-> To correct this flaw, one needs to do two things for global names -- 
both of 
>-> which we have done in SPKI 
>Now, wait. SPKI has done away with global names! That's what is written in
>the very SPKI proposal I was originally commenting on: 

We have tossed global names ala X.500.  There are always global identifiers, 
as you pointed out with fingerprints and DNA, and as we point out with 
hashes of public keys: globally unique identifiers.


>Besides the discussion above, the other points of my original comments
>still remain -- as the inappropriateness of calling a local naming scheme,
>such as SPKI, a PKI.

To the extent that you buy into the talk of the last decade and assume a PKI 
is a directory of globally unique names with keys attached, you are correct. 
We don't buy that definition of PKI.  We don't believe such a directory
is possible, necessary or desirable.

 - Carl

Version: PGP for Personal Privacy 5.5.3


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |