dual-use digital signature vulnerability

Anton Stiglic astiglic at okiok.com
Mon Jul 19 11:40:05 EDT 2004


About using a signature key to only sign contents presented in a meaningful
way that the user supposedly read, and not random challenges:

The X.509 PoP (proof-of-possession) doesn't help things out, since a public
key certificate is given to a user by the CA only after the user has
demonstrated to the CA possession of the corresponding private key by
signing a challenge.  I suspect most implementations use a random challenge.
For things to be clean, the challenge would need to be a content that is
readable, and that is clearly only used for proving possession of the
private key in order to obtain the corresponding public key certificate.

X.509 PoP gets even more twisted when you want to certify encryption keys (I
don't know what ietf-pkix finally decided upon for this..., best solution
seems to be to encrypt the public key certificate and send that to the user,
so the private key is only ever used to decrypt messages...)


--Anton
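An added example, not part of Anton's post, showing the dual-use hazard he describes and the readable, purpose-bound PoP content he asks for. The key here is textbook RSA with a tiny fixed modulus and no padding, used only so the block runs offline (it is not a secure signature scheme); the domain tags, the statement wording, the subject and CA names, and the sample contract are all constructed for illustration. Real PoP exchanges and document signers add PKCS#1 or PSS padding around the hash, but since that padding wraps whatever hash the client is told to sign, the substitution shown below survives it.

```python
import hashlib
import secrets

# Toy RSA key, constructed for illustration only: a ~92-bit modulus with textbook
# (padding-free) signing.  NOT a secure signature scheme.
P = 2147483647               # 2^31 - 1, prime
Q = 2305843009213693951      # 2^61 - 1, prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python >= 3.8)

DOC_TAG = b"DOCUMENT\x00"   # assumed domain tag for document signatures
POP_TAG = b"X509-POP\x00"   # assumed domain tag for proof-of-possession signatures


def hash_to_int(data: bytes) -> int:
    """SHA-256 the data, reduced into the toy modulus range (N is < 256 bits)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def rsa_sign(h: int) -> int:
    return pow(h, D, N)


def rsa_verify(h: int, sig: int) -> bool:
    return pow(sig, E, N) == h


# --- Problematic pattern: one key, one routine, signs whatever bytes it is handed ---

def naive_sign_message(msg: bytes) -> int:
    """Signs H(msg); the same routine serves documents and PoP challenges."""
    return rsa_sign(hash_to_int(msg))


def naive_verify_message(msg: bytes, sig: int) -> bool:
    return rsa_verify(hash_to_int(msg), sig)


def naive_pop_response(challenge: bytes) -> int:
    """Client answers the CA's challenge by signing it as-is, without displaying it."""
    return naive_sign_message(challenge)


# --- Safer pattern: PoP signs readable content that states its only purpose ----------

def pop_statement(challenge: bytes, subject: str, ca_name: str) -> bytes:
    text = (
        f"{subject} proves possession of the private key in order to obtain a "
        f"certificate from {ca_name}. This signature is valid for no other "
        f"purpose. Challenge: {challenge.hex()}"
    )
    return POP_TAG + text.encode()


def safe_pop_response(challenge: bytes, subject: str, ca_name: str):
    """Returns (statement, signature); the client signs only its own statement."""
    stmt = pop_statement(challenge, subject, ca_name)
    return stmt, rsa_sign(hash_to_int(stmt))


def verify_pop(stmt: bytes, sig: int, challenge: bytes, subject: str, ca_name: str) -> bool:
    """CA side: the signed content must equal the expected statement byte for byte."""
    expected = pop_statement(challenge, subject, ca_name)
    return stmt == expected and rsa_verify(hash_to_int(stmt), sig)


def sign_document(doc: bytes) -> int:
    return rsa_sign(hash_to_int(DOC_TAG + doc))


def verify_document(doc: bytes, sig: int) -> bool:
    return rsa_verify(hash_to_int(DOC_TAG + doc), sig)


# --- Demonstration -------------------------------------------------------------------
CONTRACT = b"I, Alice, agree to pay Mallory 10000 EUR."   # constructed sample document


def attack_naive() -> bool:
    """Mallory poses as the CA and sends the contract bytes as the 'random challenge'.
    True means the PoP response is accepted as Alice's signature on the contract."""
    sig = naive_pop_response(CONTRACT)
    return naive_verify_message(CONTRACT, sig)


def attack_safe() -> bool:
    """Same trick against the purpose-bound responder; True would mean it still works."""
    stmt, sig = safe_pop_response(CONTRACT, "Alice", "Mallory CA")
    return verify_document(CONTRACT, sig) or verify_document(stmt, sig)


def honest_pop_works() -> bool:
    challenge = secrets.token_bytes(16)
    stmt, sig = safe_pop_response(challenge, "Alice", "Example CA")
    return verify_pop(stmt, sig, challenge, "Alice", "Example CA")


if __name__ == "__main__":
    print("naive PoP response accepted as contract signature:", attack_naive())
    print("safe PoP response accepted as contract signature:", attack_safe())
    print("honest purpose-bound PoP verifies:", honest_pop_works())
```

Two things make the safe responder safe: the user (or an auditor) can read exactly what was signed, and the domain tag means a PoP signature can never be mechanically interpreted as a document signature even if the statement text were somehow made to look like a document. The same argument applies to any other protocol that asks a long-term signing key to sign opaque challenges.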


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com