[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPKI signing keys only
>>> Bill Frantz <firstname.lastname@example.org> 06/26/97 10:30PM >>>
>At 2:48 PM -0700 6/26/97, Brian M. Thomas wrote:
>>Any other discussion?
>I know of no technical way to prevent people from using signing keys for
>encryption. If it becomes legally required, then all signing applications
>will have to be approved before sale. Since the math for some crypto
>operations is so simple, roll-your-own becomes simple and the requirement
>is just so much FUD. For example, consider Diffie Hellman key exchange.
>We can eliminate the man in the middle by signing the data transferred as
>part of the protocol. We are just using the public/private key pairs for
>signing, but anyone with a crypto library can use the signing to give
>authenticated key exchange with perfect forward security.
>Enforcing GAK is a political problem. There is no technical solution.
That's a little too strong. It's a royal pain, but it can be done.
Keys can be typed as to what uses are allowed, and either the operating
system or a trusted device such as a smart card can deny access to such keys
except by approved, protocol-specific library functions. All of this assumes
that users and general-purpose applications cannot access keys in raw form,
but only handles to them.
I believe that the Intel CDSA architecture will support such constructs, as
will some work by HP, IBM's SecureWay architecture, Novell's Controlled
Modular Cryptography approach, and probably others I'm not aware of. It
takes a substantial investment in the program infrastructure, but it may pay
off in easier export of crypto-consuming applications.