[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGPticket

To: Bill Frantz <frantz@netcom.com>, spki@c2.net, cme@cybercash.com
Subject: Re: PGPticket
From: Tony Bartoletti <azb@llnl.gov>
Date: Wed, 27 May 1998 11:05:50 -0700
Cc: Vinnie Moscaritolo <vinnie@apple.com>
In-Reply-To: <v03110703b1917bf8b566@[207.94.250.141]>
At 12:15 AM 5/27/98 -0800, Bill Frantz wrote:
>>Date: Tue, 26 May 1998 16:19:55 -0800
>>From: Vinnie Moscaritolo <vinnie@apple.com>
>>Subject: PGPticket
>>To: "ietf-open-pgp@imc.org" <ietf-open-pgp@imc.org>
>>X-Priority: 3
>>MIME-Version: 1.0
>>Sender: owner-ietf-open-pgp@imc.org
>>Precedence: bulk

A minor nit.  See Protocol description, paragraph 5, below.

>>
>>I am looking for someone to help me co-author the PGPticket Internet draft.
>>PGPtickets are SPKI authentication certs represented as an OpenPGP
>>standalone signature packets. This allows us to represent SPKI packets in
>>a form that most PGP implemenations can process.
>>
>>The authetication certs are a powerful tool, and this might be a way to
>>get the best of the SPKI into a form that PGP users can do something with.
>>
>>In order to test out this concept I have even built some code
>>with the PGPsdk that I would lov eto make public,  but would like to
>>write up the message format as an ietf draft...
>>
>>being that I don't have much experience writting these documents, I
>>am seeking (a) partner(s) who is intersted in helping out with the draft.
>>
>>    PGPticket is a lightweight but very secure authorization protocol
>>   based on the OpenPGP Message Format and SPKI structure. PGPticket
>>   is designed to control access of services over a public network by
>>   granting and transfering user privileges through authorization
>>   certificates signed with strong public key cryptography.
>>
>>
>>   A PGPticket packet contains:
>>
>>    - Packet Tag
>>
>>     - One-octet version number (4).
>>     - One-octet  Standalone signature type (2).
>>     - One-octet public key algorithm.
>>     - One-octet hash algorithm.
>>
>>     - Two-octet scalar octet count for following hashed subpacket data.
>>
>>      Certificate validity Information consisting of:
>>        - One-octet signature creation time subpacket type  (82)
>>        - Four-octet time field
>>        - One-octet signature expiration time subpacket type  (83)
>>        - Four-octet time field
>>
>>      Certificate Issuer Information consisting of:
>>        - One-octet signature creation issuer key ID type  (90)
>>       - Eight-octet key ID
>>
>>      Certificate Authorization Information consisting of:
>>        - One-octet Notation Data subpacket type  (94)
>>       - 4 octets of flags        (0)
>>       - 2 octets of name length  (4)
>>       - 2 octets of value length (N),
>>       - 4 octets of name data    ('AUTH')
>>       - N octets of authorization string data
>>
>>      Certificate Subject Information consisting of:
>>        - One-octet Notation Data subpacket type  (94)
>>       - 4 octets of flags        (0)
>>       - 2 octets of name length  (4)
>>       - 2 octets of value length (N),
>>       - 4 octets of name data    ('SUBJ')
>>         N octets of Subject string data for each subject
>>             authorized in this certifcate consisting of
>>          - Eight-octet key ID
>>          - One-octet public key algorithm.
>>          - One octet scaler length count for public Key fingerprint
>>          - N octets public Key fingerprint data
>>
>>      Optional Certificate Delegation Information consisting of:
>>        - One-octet Notation Data subpacket type  (20)
>>       - 4 octets of flags        (0)
>>       - 2 octets of name length  (4)
>>       - 2 octets of value length (0),
>>       - 4 octets of name data    ('DELG')
>>
>>    - Two-octet scalar octet count for following unhashed subpacket
>>       data.
>>
>>     - Unhashed subpacket data. (zero or more subpackets)
>>
>>     - Two-octet field holding left 16 bits of signed hash value.
>>
>>     - One or more multi-precision integers comprising the signature.
>>
>>
>>Below is a brief overview of the PGPticket Protocol
>>
>>   1.  The user requests server access from the system admin
>>   (possibly a verbal request). The user either provides a copy
>>   of his public key or makes the key available on common
>>   key-server. The Admin verifies the validity of this key.
>>
>>   2.  The administrator generates the PGPticket with
>>   appropriate authorizations and validity information, signing
>>   the ticket with the server admin key. The ticket is either
>>   posted in a public place or sent by email to the user.
>>
>>   3.  The user retrieves the PGPticket and stores it in a local
>>   ticket database.
>>
>>   Client to server
>>   4.  The user attempts to access a network service, the client
>>   searches its ticket database for any tickets pertaining to
>>   the server, and sends a copy of the tickets along with the
>>   access request.
>>
>>   Server to Client
>>   5.  The server checks validity of ticket, which entails
>>   verifying the admin signature and expiration date of ticket.
>>   The server then generates a random challenge string and
>>   sends the challenge to the client requesting that it be
>>   signed by the key specified in the ticket.

The recent and timely thread "Key Usage for Authentication and
Digital Signature", although X.509-oriented, discusses a possible
security problem when a server is able to form a "challenge" to be
signed by the auth-requesting client.  Specifically, a nefarious
server may trick the client into signing a substantial "message"
rather than (say) a random challenge.  Perhaps the protocol could
force the challenge to incorporate data supplied, at least in part,
by the client as well.

___tony___

>>   Client to server
>>   6. The client signs and returns the challenge string with a
>>   random nonce appended. The server then checks the clients
>>   signature and if successful grants access with the
>>   authorizations specified in the ticket
>>
>>
>>
>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>Vinnie Moscaritolo
>>Wordwide Developer Technical Support
>>N&C/Hardware
>>
>>Apple Computer, Inc.                      email:  vinnie@apple.com
>>3 Infinite Loop, MS: 303-2T               phone:      408.974.5560
>>Cupertino, CA 95014                       fax:        408.862.7602
>>Fingerprint:     0AAF 9A74 113F 7FDD 97E6 04BD 1D7A 2D86 6F17 2A0A
>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>
>-------------------------------------------------------------------------
>Bill Frantz       | If hate must be my prison  | Periwinkle -- Consulting
>(408)356-8506     | lock, then love must be    | 16345 Englewood Ave.
>frantz@netcom.com | the key.     - Phil Ochs   | Los Gatos, CA 95032, USA
>
>


Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL
References:
PGPticket
From: Bill Frantz <frantz@netcom.com>
Prev by Date: PGPticket
Next by Date: Re: PGPticket
Prev by thread: PGPticket
Next by thread: Re: PGPticket
Index(es):
- Main
- Thread