[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

At 11:00 PM 5/26/99 +0200, Niels Möller wrote:
>But to "happen" to independently regenerate somebody elses _private_
>key is hard, as its equivalent to successfully breaking the public
>key, by guessing. And if you somehow manage to generate/guess the
>other person's key, we have some vastly more serious problems than
>non-uniqueness of identifiers.
>And the usual procedure is to consider that possiblity as small enough
>to be safely neglected.
>Or am I missing something?

No, you got it right.  I should have used (exceptional!) instead of
(exceptional?) but I suppose there are other avenues of attack.
If someone actually stole your secret key, they might have a new
cert produced with alternate attributes.  Thus keys (and key-hashes)
would be identical, yet the certs (and cert-hashes) differ.

The central issue of the posting was in the second paragraph.
Namely, (even given key-pair uniqueness) how far can one get
when the verifying party sees only the (authenticated) hash of
another key, rather than the authenticated hash of a certificate.

My (tentative) answer for SPKI was that key-hash is sufficient,
given that the verifier is the issuer, and is presumed to have
the corresponding (unique) certificate in hand already.


Tony Bartoletti                                             LL
Center for Information Operations and Assurance          LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 303                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8002               LL LLLLLLLL
email: azb@llnl.gov                                   LLLLLLLL

Follow-Ups: References: