
Re: [E-CARM] PKI, CAs, TTPs &c.

>Let's think about why compromise of a root key is bad. It allows you to
>create entities which are not bona fide and commit all sorts of fraud
>(and if you know it's compromised then all issued certificates are
>invalid). If instead you keep a list of public keys in a secure
>environment then there are also risks, while it could be argued that
>they are less. If someone was able to steal the secret key in the first
>scenario then it must also be possible for them to break in and insert
>new public keys in the list and commit fraud that way. What you have
>lost is the flexibility which a certificate offers. i.e. use in a
>distributed manner.

>Ian.

the proposal is for financial institutions and using the account record
as repository for client's public keys ... which has got to be at least
as secure as any of the CAs. furthermore, assuming a break in
against the account records ... there are a lot more interesting
fields to fiddle with than the public key field; i.e. more direct is
increasing the balance field on a favorite account followed by
a transaction sweeping it into some off-shore entity.

if a financial institution's account records aren't secure ... then
it has more to worry about than the public key fields getting
changed.

there is also nothing to prevent the financial institution from
also manufacturing a certificate for the client at the time
of registration ... allowing that client to use such a certificate
in other types of (distributed, offline) activities; however
it seems foolish for the financial institution to incur
the systemic risk of a CA/root key compromise (associated
with certificate vouching for a public key) when there is a
perfectly good copy of the client's public key on file in
the account record (which nominally has to be read in
any case to execute the client's payment instruction).