Welcome to the Internet, here's your private key
Jeroen C. van Gelderen
jeroen at vangelderen.org
Mon Feb 4 11:43:12 EST 2002
You sound surprised? I recently asked my bank[1] for a solvency
statement on a personal account and they responded that they were not
allowed to provide such statements. When pressed for an explanation I
was told that handing out those statements caused them too much
litigation. Apparently when the bank states that
"Alice has been a customer since 23-01-1980 and as of
12-12-1999 her account is in good standing."
they can be (and indeed have been) sued when Alice goes bankrupt in
2002. This despite the fact that the statement obviously does not make
any claim about Alice in 2002. Now, the bank may very well win the court
case, or they may not. Whatever the outcome, it will cost them.
The moral of the story is: when the legal system allows for silly cases
like this, alternative protective measures[2] will be put in place, such
as not handing out solvency statements[3], or forcing a user to accept a
CA-generated private key. The problem here is not with the technical
competence of the CA but rather with the CA being held liable and being
forced to mitigate the risk of losing lots of money.
Technically speaking, having the CA generate the private keys allows the
user to repudiate signatures made with the key. After all, the CA (or
one of its employees) could have leaked the key or have signed stuff
with it.
Practically speaking this would probably be solved by passing an
additional law that declares CAs trustworthy by definition. After all,
if you don't pass such a law, the PKI cannot work in the current legal
framework. And CAs are run by the good people, right? What is wrong with
effective key escrow for signature keys!? ;-p
We do not even want to think about the conflicts of interest: what
incentive is there for a CA to report that it lost a user's private key?
-J
[1] ABN-AMRO.
[2] Alternative because the legal system is supposed to protect the
honest party here but obviously fails.
[3] The bank does have provisions for providing solvency statements on
business accounts. They have insurance and make you pay
(indirectly).
On Monday, February 4, 2002, at 08:45 , Jaap-Henk Hoepman wrote:
>
> It's worse: it's even accepted practice among certain security
> specialists. One of them involved in the development of a CA service
> once told me that they intended the CA to generate the key pair. After
> regaining consciousness I asked him why he thought violating one of the
> main principles of public key cryptography was a good idea. His answer
> basically ran as follows: if the CA is going to be liable, they want to
> be sure the key is strong and not compromised. He said that the PC
> platform of an ordinary user simply wasn't secure/trusted enough to
> generate keys on. The system might not generate `good enough'
> randomness, or might have been compromised by a trojan.
>
> Jaap-Henk
>
> On Sun, 3 Feb 2002 15:09:57 +0100 pgut001 at cs.auckland.ac.nz writes:
>> It is accepted practice among security people that you generate your
>> own private key. It is also, unfortunately, accepted practice among
>> non-security people that your CA generates your private key for you
>> and then mails it to you as a PKCS #12 file (for bonus points the
>> password is often included in the same or another email). Requests to
>> have the client generate the key themselves and submit the public
>> portion for certification are met with bafflement, outright refusal,
>> or at best grudging acceptance if they're big enough to have some
>> clout. This isn't a one-off exception, this is more or less the norm
>> for private industry working with established (rather than internal,
>> roll-your-own) CAs. This isn't the outcome of pressure from shadowy
>> government agencies, this is just how things are done. Be afraid.
>>
>
> --
> Jaap-Henk Hoepman | Come sail your ships around me
> Dept. of Computer Science | And burn your bridges down
> University of Twente | Nick Cave - "Ship Song"
> Email: hoepman at cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
> Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
> PGP ID: 0xF52E26DD Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com
>
>
--
Jeroen C. van Gelderen - jeroen at vangelderen.org
"Economics is a theoretical science and as such abstains from any
judgement of value. It is not its task to tell people what ends
they should aim at. It is a science of the means to be applied for
attainment of ends chosen, not, to be sure, a science of the choosing
of ends. Ultimate decisions, the valuations and the choosing of ends,
are beyond the scope of any science. Science never tells a man how
he should act; it merely shows how a man must act if he wants to
attain definite ends." -- Ludwig von Mises