
central key generation


At 02:11 PM 3/27/98 -0700, Bob Jueneman wrote:
>A third, equally legitimate operational scenario, especially for businesses
>who are using digital signatures for their own purposes, is that the 
>public/private key pair is generated on a secure server under the control
>of the network administrator, perhaps at the same time that the user's 
>account is created.  The certificate may also be created at that time.


I would never accept a key generated by some agency I didn't trust, but when 
I generated my CyberCash wallet signing key, that was done by 
CyberCash-provided software.  That software then went on to connect to the 
central CyberCash server and register the new key (to get the ACL entry we 
used until we grew to the point of needing to issue certificates).

I generated the key on my machine, but if I weren't a CyberCash developer 
who had a chance to read the code, I wouldn't know that.  I'd see a pause,
some network traffic and an announcement of a new key.

Still, I *am* a developer and *do* know -- and I would need to be extremely 
careful before allowing any central server to generate keys.  I might, in 
fact, design a system that does that if the key generation were in a secure 
server *I knew* was tamper-proof even from insiders and were based on 
super-good random numbers -- but by doing that, I'm asking the users to 
trust me and the company.

I much prefer distributing good hardware key generators to users and letting 
them generate a key.

Still -- there's a wide open question (and this is getting *really* off 
topic, so I should stop here) -- of how to convince a real user that the 
black box he just got from me (PCMCIA card?) really has no side door or 
other weakness.

 - Carl



|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |