should you trust CAs? (Re: dual-use digital signature vulnerability)

Aram Perez aramperez at mac.com
Tue Aug 3 01:15:08 EDT 2004


Hi Adam,

> From: Adam Back <adam at cypherspace.org>
> Date: Fri, 30 Jul 2004 17:54:56 -0400
> To: Aram Perez <aramperez at mac.com>
> Cc: Michael_Heyman at mcafee.com, Cryptography <cryptography at metzdowd.com>, Adam
> Back <adam at cypherspace.org>
> Subject: Re: should you trust CAs? (Re: dual-use digital signature
> vulnerability)
> 
> On Wed, Jul 28, 2004 at 10:00:01PM -0700, Aram Perez wrote:
>> As far as I know, there is nothing in any standard or "good security
>> practice" that says you can't have multiple certificates for the same email
>> address. If I'm willing to pay each time, Verisign will gladly issue me a
>> certificate with my email, I can revoke it, and then pay for another
>> certificate with the same email. I can repeat this until I'm bankrupt and
>> Verisign will gladly accept my money.
> 
> Yes but if you compare this with the CA having the private key, you
> are going to notice that you revoked and issued a new key; also the CA
> will have your revocation log to use in their defense.
> 
> At minimum it is detectable by savvy users who may notice that e.g. the
> fingerprint for the key they have doesn't match with what someone else
> had thought was their key.
> 
>> I agree with Michael H. If you trust the CA to issue a cert, it's
>> not that much more to trust them with generating the key pair.
> 
> It's a big deal to let the CA generate your key pair.  Key pairs should
> be generated by the user.

From a purely (and possibly dogmatic) cryptographic point of view, yes, key
pairs should be generated by the user. But in the real world, as Ian G
points out, where businesses are trying to minimize costs and maximize
profits, it is very attractive to have the CA generate the key pair (and, as
Peter G pointed out, deliver the pair securely) and issue a certificate at the
same time. I hope you are not using a DOCSIS cable modem to connect to the
Internet, because that is precisely what happened with the cable modem. A
major well-known CA generated the key pair, issued the certificate and
securely delivered them to the modem manufacturer. The modem manufacturer
then injected the key pair and certificate into the modem and sold it. I
guess you can say/argue that there is a difference between a "user key pair"
and a "device key pair", and therefore, it can work for cable modems, but I
don't know how you feel/think/believe in this case.

Until fairly recently, when smart cards could finally generate their own key
pairs, smart cards were delivered with key pairs that were generated outside
the smart card and then injected into them for delivery to the end user.

I'm not trying to change your mind, I'm just trying to point out how the
real business world works, whether we security folks like it or not.

Respectfully,
Aram Perez
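The detection Adam describes above, a user noticing that the fingerprint of the key now presented for an address no longer matches the one they had recorded, is a key-continuity (trust-on-first-use) check. The following is an added example, not code from the thread or from any of its participants; it assumes a local store keyed by e-mail address and operates on raw public-key bytes, and the two sample keys are constructed placeholders rather than real DER-encoded keys.

```python
"""Key-continuity check: flag when the public key seen for an identity changes.

Added example (not from the original thread). It assumes a local store keyed
by e-mail address and takes raw public-key bytes; the sample keys below are
constructed placeholders, not real keys.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(pubkey_der: bytes) -> str:
    """SHA-256 fingerprint of the public key, as colon-separated hex pairs."""
    digest = hashlib.sha256(pubkey_der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


@dataclass
class KeyStore:
    """Trust-on-first-use record of the fingerprint last seen for each identity."""
    seen: dict = field(default_factory=dict)   # identity -> fingerprint

    def check(self, identity: str, pubkey_der: bytes) -> str:
        """Return 'new' on first sight, 'match' if unchanged, 'changed' otherwise.

        A 'changed' result is the signal the thread describes: the key now
        presented for this e-mail address is not the one previously recorded,
        whether because the holder re-keyed after a revocation or because a
        second certificate was issued for the same address.
        """
        fp = fingerprint(pubkey_der)
        previous = self.seen.get(identity)
        if previous is None:
            self.seen[identity] = fp
            return "new"
        if previous == fp:
            return "match"
        return "changed"

    def accept_rekey(self, identity: str, pubkey_der: bytes) -> None:
        """Record a key change once the user has verified it out of band."""
        self.seen[identity] = fingerprint(pubkey_der)


# Constructed sample keys (placeholders, not real DER-encoded public keys).
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"


def demo() -> list:
    """Exercise the three situations and return the verdicts in order."""
    store = KeyStore()
    return [
        store.check("aram@example.org", KEY_A),   # first contact: recorded
        store.check("aram@example.org", KEY_A),   # same key again: matches
        store.check("aram@example.org", KEY_B),   # a different key appears
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The check cannot say why a key changed; it only makes the change visible, which is the point of the thread: a silent substitution by whoever can obtain a certificate for the address is exactly the case a plain CA-trust model would never surface, while a user who keeps a record of the fingerprint is at least prompted to verify the new key out of band before calling `accept_rekey`.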

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com