dual-use digital signature vulnerability
astiglic at okiok.com

Anne & Lynn Wheeler lynn at garlic.com
Sun Jul 25 15:41:56 EDT 2004


At 07:07 PM 7/24/2004, Peter Gutmann wrote:
>A depressing number of CAs generate the private key themselves and mail out to
>the client.  This is another type of PoP, the CA knows the client has the
>private key because they've generated it for them.

one could claim that there might be two possible usage scenarios, 
involving two different threat models: encryption and authentication.

from a business standpoint the encryption of corporate data (especially 
data at rest .... which might include some of the corporate jewels) can 
represent a single point of failure ... if the private key is required for the 
recovery of corporate jewels and the private key isn't reliably replicated 
(to avoid single points of failure); then there is a serious, corporate, 
overriding availability threat.

the claim can be made that the trade-off for authentication and digital 
signature would result in no escrow or replication of private key .... 
since the overriding threat model is a) impersonation and/or b) not being 
able to reliably attribute certain actions to specific people.

the assertion here is possible threat model confusion when the same exact 
technology is used for two significantly different business purposes.

.... in general, no key escrow or no key replication is frequently bad in 
the encryption business process scenario

... while no key escrow or no key replication is good in the 
authentication/digital signature business process scenario.

a problem arises when the business purpose uses of the public/private key 
pair aren't sufficiently described ... leading to confusion (and/or the same 
public/private key pair is used for different business processes with 
possibly conflicting threat models).


--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
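
The trade-off argued in the message above, written as a key-inventory audit. This is an added example, not part of the original post: the KeyRecord fields, finding codes and sample inventory are constructed for illustration, and only the keyUsage bit names come from X.509 (RFC 5280).

```python
from dataclasses import dataclass

# X.509 keyUsage bit names (RFC 5280), grouped by the two purposes in the message.
SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTION = {"keyEncipherment", "dataEncipherment", "keyAgreement"}

@dataclass(frozen=True)
class KeyRecord:            # hypothetical inventory row, not a real tool's schema
    name: str
    key_usage: frozenset
    escrowed: bool          # private key is escrowed or replicated
    ca_generated: bool      # CA generated the private key and sent it to the client

def audit(rec):
    """Return the finding codes that apply to one key record."""
    signs = bool(rec.key_usage & SIGNING)
    encrypts = bool(rec.key_usage & ENCRYPTION)
    findings = []
    if signs and encrypts:
        findings.append("DUAL_USE")                       # conflicting threat models
    if signs and (rec.escrowed or rec.ca_generated):
        findings.append("SIGNING_KEY_HELD_BY_OTHERS")     # impersonation / attribution
    if encrypts and not rec.escrowed:
        findings.append("ENCRYPTION_KEY_NOT_REPLICATED")  # availability
    return findings

def escrow_choices(usage):
    """Audit a holder-generated key with this usage, with and without escrow."""
    return {e: audit(KeyRecord("what-if", frozenset(usage), e, False))
            for e in (True, False)}

# Constructed sample inventory.
INVENTORY = [
    KeyRecord("alice-sign", frozenset({"digitalSignature", "nonRepudiation"}), False, False),
    KeyRecord("alice-encrypt", frozenset({"keyEncipherment"}), True, False),
    KeyRecord("bob-combined", frozenset({"digitalSignature", "keyEncipherment"}), True, False),
    KeyRecord("carol-sign", frozenset({"digitalSignature"}), False, True),
    KeyRecord("archive-encrypt", frozenset({"dataEncipherment"}), False, False),
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(f"{rec.name:16} {', '.join(audit(rec)) or 'ok'}")
    print(escrow_choices({"digitalSignature", "keyEncipherment"}))
```

For a dual-use key, escrow_choices reports a finding under either escrow setting, which is the conflict the message describes; splitting the pair into a signing key and an encryption key lets each follow its own rule.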


