dual-use digital signature vulnerability

Anne & Lynn Wheeler lynn at garlic.com
Mon Jul 26 16:26:01 EDT 2004


At 02:00 PM 7/26/2004, Richard Levitte - VMS Whacker wrote:
>That's all and well, but I can't see why that would be interesting to
>a generic, third-party CA.  If you're talking about a CA within the
>same corporation, then I can understand, since they usually (as far as
>I can guess) work from a different standpoint and with different
>priorities.
>
>What you describe feels to me like encryption is ill understood and
>placed in the hands of random individuals.  If you want safety and
>recoverability, there's nothing like one or several backups, maybe
>protected with different means (different encryption, different
>storage media (including vaults), different keys, and so on).

I believe there was at least one large institutional effort where
keys were generated, escrowed and loaded into hardware tokens
and distributed. the persons were expected to use the hardware
tokens for both authentication and encryption. if the hardware token
failed (like if the battery died), they could get a new hardware token
issued with the same keys.

they obviously needed the original keys if they had used the hardware
token for encryption (of data that turned out to be lying around
someplace).

however, it wasn't necessary to have escrowed keys for authentication,
simply issuing new hardware tokens with new (authentication) keys
would have been sufficient (and reregistering the new public key).

here is an issue where, if they're using hardware tokens for key protection ...
they really need to distinguish between encryption keys and authentication
keys .... either a single hardware token with two different sets of keys ...
and the token knows how to consistently differentiate their use between
encryption and authentication ... or two different hardware tokens ...
consistently used for the different (business) purposes.

there is a side issue with institutional delivered hardware tokens ...
and if they were to replace existing shared-secret pins/passwords ...
where a person might have a hundred unique shared-secrets for
their various electronic relationships .... and potentially be issued
at least one hardware token to be used in lieu of every pin/password
... and potentially a second hardware token for encryption only
purposes (say in dongle form ... a key chain with 100-120 dongles
... in need of a medium sized rucksack just to lug them around).


--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 
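The two-key token the post calls for, as an added example that is not code from the post or from any product it mentions: `Token`, `Escrow`, `verify_auth` and `encrypt_to` are assumed names, and the model assumes the escrow holds encryption private keys only, so a replaced token recovers old ciphertext but gets a fresh authentication key that has to be re-registered.

```ruby
require 'openssl'

# Hardware token carrying two purpose-bound RSA key pairs (assumed model).
class Token
  attr_reader :auth, :enc

  def initialize(auth, enc)
    @auth = auth # authentication (signing) only; never escrowed
    @enc  = enc  # decryption only; a copy is held in escrow
  end

  # Answer a challenge with the authentication key only. The fixed prefix keeps
  # the token from ever producing a signature over arbitrary caller-chosen data.
  def authenticate(challenge)
    @auth.sign(OpenSSL::Digest.new('SHA256'), "auth-challenge:#{challenge}")
  end

  # Decrypt with the encryption key only.
  def decrypt(ciphertext)
    @enc.private_decrypt(ciphertext, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  end
end

# Institutional escrow: holds encryption private keys only, keyed by user id.
class Escrow
  def initialize
    @enc_keys = {}
  end

  # Issue or reissue a token. Every token gets a fresh authentication key; the
  # encryption key is restored from escrow (replacement) or generated and escrowed.
  def issue(user, bits = 2048)
    @enc_keys[user] ||= OpenSSL::PKey::RSA.new(bits)
    Token.new(OpenSSL::PKey::RSA.new(bits), @enc_keys[user])
  end
end

# Relying-party side: verify a response against the registered public key.
def verify_auth(registered_pub, challenge, signature)
  registered_pub.verify(OpenSSL::Digest.new('SHA256'), signature, "auth-challenge:#{challenge}")
end

# Sender side: encrypt to the token holder's encryption public key.
def encrypt_to(enc_pub, message)
  enc_pub.public_encrypt(message, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end
```

Issuing a second token for the same user and checking it against the first shows the asymmetry: the old ciphertext still decrypts, while the old registered authentication key no longer verifies the new token's responses.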

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
