[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: X.509 ACs vs. SPKI?
At 11:00 PM 5/26/99 +0200, Niels Möller wrote:
>But to "happen" to independently regenerate somebody elses _private_
>key is hard, as its equivalent to successfully breaking the public
>key, by guessing. And if you somehow manage to generate/guess the
>other person's key, we have some vastly more serious problems than
>non-uniqueness of identifiers.
>And the usual procedure is to consider that possiblity as small enough
>to be safely neglected.
>Or am I missing something?
No, you got it right. I should have used (exceptional!) instead of
(exceptional?) but I suppose there are other avenues of attack.
If someone actually stole your secret key, they might have a new
cert produced with alternate attributes. Thus keys (and key-hashes)
would be identical, yet the certs (and cert-hashes) differ.
The central issue of the posting was in the second paragraph.
Namely, (even given key-pair uniqueness) how far can one get
when the verifying party sees only the (authenticated) hash of
another key, rather than the authenticated hash of a certificate.
My (tentative) answer for SPKI was that key-hash is sufficient,
given that the verifier is the issuer, and is presumed to have
the corresponding (unique) certificate in hand already.
Tony Bartoletti LL
Center for Information Operations and Assurance LL LL
Lawrence Livermore National Laboratory LL LL LL
PO Box 808, L - 303 LL LL LL
Livermore, CA 94551-9900 LL LL LLLLLLLL
phone: 925-422-3881 fax: 925-423-8002 LL LLLLLLLL
email: email@example.com LLLLLLLL