Welome to the Internet, here's your private key

Jeroen C.van Gelderen jeroen at vangelderen.org
Mon Feb 4 11:43:12 EST 2002 

You sound surprised? I recently asked my bank[1] for a solvency 
statement on a personal account and they responded that they were not 
allowed to provide such statements. When pressed for an explanation I 
was told that handing out those statements caused them too much 
litigation. Apparently when the bank states that
   "Alice has been a customer since 23-01-1980 and as of
    12-12-1999 her account is in good standing."
they can (and have indeed been) be sued when Alice goes bankrupt in 
2002. This despite the fact that the statement obviously does not make 
any claim about Alice in 2002. Now, the bank may very well win the court 
case, or they may not. Whatever the outcome, it will cost them.

The moral of the story is: when the legal system allows for silly cases 
like this, alternative protective measures[2] will be put in place, such 
as not handing out solvency statements[3], or forcing a user to accept a 
CA-generated private key. The problem here is not with the technical 
competence of the CA but rather with the CA being held liable and being 
forced to mitigate the risk of losing lots of money.

Technically speaking, having the CA generate the private keys allows the 
user to repudiate signatures made with the key. After all, the CA (or 
one of its employees) could have leaked the key or have signed stuff 
with it.

Practically speaking this would probably be solved by passing an 
additional law that declares CAs trustworthy by definition. After all, 
if you don't pass such a law, the PKI cannot work in the current legal 
framework. And CAs are run by the good people, right? What is wrong with 
effective key escrow for signature keys!? ;-p

We do not even want to think about the conflicts of interest: what 
incentive is there for a CA to report that it lost a user's private key?

-J

[1]  ABN-AMRO.

[2]  Alternative because the legal system is supposed to protect the 
honest
      party here but obviously fails.

[3]  The bank does have provisions for providing solvency statements on
      business accounts. They have insurance and make you pay 
(indirectly).


On Monday, February 4, 2002, at 08:45 , Jaap-Henk Hoepman wrote:

>
> It's worse: it's even accepted practice among certain security 
> specialists. One
> of them involved in the development of a CA service once told me that 
> they
> intended the CA to generate the key pair. After regaining consciousness 
> I asked
> him why he thought violating one of the main principles of public key
> cryptography was a good idea. His answer basically ran as follows: if 
> the CA is
> going to be liable, they want to be sure the key is strong and not
> compromised. He said that the PC platform of an ordinary user simply 
> wasn't
> secure/trusted enough to generate keys on. The system might not 
> generate `good
> enough' randomness, or might have been compromised by a trojan.
>
> Jaap-Henk
>
> On Sun, 3 Feb 2002 15:09:57 +0100  pgut001 at cs.auckland.ac.nz writes:
>> It is accepted practice among security people that you generate your 
>> own
>> private key.  It is also, unfortunately, accepted practice among 
>> non-security
>> people that your CA generates your private key for you and then mails 
>> it to
>> you as a PKCS #12 file (for bonus points the password is often 
>> included in
>> the same or another email).  Requests to have the client generate the 
>> key
>> themselves and submit the public portion for certification are met with
>> bafflement, outright refusal, or at best grudging acceptance if 
>> they're big
>> enough to have some clout.  This isn't a one-off exception, this is 
>> more or
>> less the norm for private industry working with established (rather 
>> than
>> internal, roll-your-own) CAs.  This isn't the outcome of pressure from
>> shadowy government agencies, this is just how things are done.  Be 
>> afraid.
>>
>
> --
> Jaap-Henk Hoepman             | Come sail your ships around me
> Dept. of Computer Science     | And burn your bridges down
> University of Twente          |       Nick Cave - "Ship Song"
> Email: hoepman at cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
> Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
> PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 
> ABEF
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to 
> majordomo at wasabisystems.com
>
>
--
Jeroen C. van Gelderen - jeroen at vangelderen.org

"Economics is a theoretical science and as such abstains from any
judgement of value. It is not its task to tell people what ends
they should aim at. It is a science of the means to be applied for
attainment of ends chosen, not, to be sure, a science of the choosing
of ends. Ultimate decisions, the valuations and the choosing of ends,
are beyond the scope of any science. Science never tells a man how
he should act; it merely shows how a man must act if he wants to
attain definite ends." -- Ludwig von Mises


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list