Welome to the Internet, here's your private key

jamesd at echeque.com jamesd at echeque.com
Sun Feb 3 14:27:07 EST 2002 

    --
On 4 Feb 2002, at 3:09, Peter Gutmann wrote:
> It is accepted practice among security people that you 
> generate your own private key.  It is also, unfortunately, 
> accepted practice among non-security people that your CA 
> generates your private key for you and then mails it to you 
> as a PKCS #12 file (for bonus points the password is often 
> included in the same or another email).  Requests to have 
> the client generate the key themselves and submit the 
> public portion for certification are met with bafflement, 
> outright refusal, or at best grudging acceptance if they're 
> big enough to have some clout.  This isn't a one-off 
> exception, this is more or less the norm for private 
> industry working with established (rather than internal, 
> roll-your-own) CAs.  This isn't the outcome of pressure 
> from shadowy government agencies, this is just how things 
> are done.  Be afraid.

The public key infrastructure is simply not working.

Ordinary mortals do not understand how it works, therefore 
cannot use it correctly.

Certified public keys are therefore of limited value.

This is in part a result of an impenetrable and 
incomprehensible user interface that makes what is hard to 
understand far harder.

For example I can see no good reason why an active X control 
with public source cannot generate your private key -- so 
that as far as the normal user knows he is getting it from 
the authority by logging in to their web page.  We had this
arrangement some years ago -- what happened to it?

I just learnt that Windows 2000 and Windows XP construct a 
key pair for every user.  The interface around this seems 
designed to be utterly impenetrable, as though they were 
trying to protect against stupid users by using security by 
obscurity.

With Windows XP, we enter a world where everyone has a key 
pair securing his stuff -- and is unaware of it, and unable 
to use it. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     E2AfFWpRWRrQk9TjIHVW4PIkCIefZn7D7LUkwgdH
     4144WI1nmwDQ3k7tCTyZ3dyJFywdh8RkiPnOEv0gj




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list