[Cryptography] client certificates ... as opposed to password hashing

ianG iang at iang.org
Wed May 28 19:07:07 EDT 2014


On 27/05/2014 16:04 pm, Joe St Sauver wrote:

> But what about routine use? *If* all the user is doing is S/MIME, and 
> everyone uses the same key for signing as for encryption, key exchange 
> via signed messages works okay, and most popular email IMAP clients 
> support S/MIME and you can even use something like Penango for web email 
> (free for free Gmail account users). That largely just works.


Well, it passes the demo but is not really practical.

The problem is that within a community of say 10+ there is always
someone who is losing their key for some reason.  E.g., cert expired.
Which then requires a long period for that person to wake up and find
another cert.  During that time, that person's offline.

My call is that S/MIME fails routine use.

The only practical way around this is a keyserver approach, and even
that requires the keys to not expire, practically.  Note that the same
problem occurs with OpenPGP;  when people expire their keys too
frequently, others get out of sync and stop talking to them.  Only the
NSA enjoys this scenario.


> HOWEVER, routine use gets harder when:
> 
> -- you're trying to do more than just S/MIME
> -- you're trying to work beyond just the enterprise, and there's no 
>    global directory
> -- you have multiple client certs (e.g., a non-repudiable signing cert
>    and an escrowed encryption cert, perhaps)
> -- you want to use smartcards or USB-format PKI hard tokens to store your
>    certificates
> 
> What's really missing to date has been use cases for client certs, at least
> in the academic community. 


Use case happily from the CAcert community.  Short story:  every Assurer
has to have a cert in their browser so the provisioning problem is
solved by some other factor.  With that benefit, client certs work fine
*iff* the client software is up to the job.

http://wiki.cacert.org/Technology/KnowledgeBase/ClientCerts


> If I just want to do signed or encrypted email, PGP/GNU PrivacyGuard is a
> compelling alternative.

For email, yes.  It is only the GUI clients that are not really robust
there.



iang

