X.509 / PKI, PGP, and IBE Secure Email Technologies
Anne & Lynn Wheeler
lynn at garlic.com
Thu Dec 8 16:41:26 EST 2005
Ed Gerck wrote:
> Regarding PKI, the X.509 idea is not just to automate the process of
> reliance but to do so without introducing vulnerabilities in the threat model
> considered in the CPS.

but that is one of the points of the article that as you automate more
things you have to be extra careful about introducing new
vulnerabilities (of course a business operation will make claims that
while they may have introduced enormous additional complexity and number
of business processes ... that they are all perfect and have no
vulnerabilities).

the issue of public key email w/o PKI ... is you have all the identical,
same basic components that PKI also needs.

there is a local trusted public key repository and a method of getting
keys into/out of that trusted public key repository. in the non-PKI
case, the trusted public key repository contains public keys that are
used to directly authenticate messages from other entities. in the PKI
case, the trusted public key repository also contains public keys that
are used to authenticate messages from a certification authority; these
messages are called digital certificates. the digital certificates, in
turn contain other public keys that can be used in authenticating
messages from directly communicating entities.

the original PKI and digital certificate design point is the letters of
credit/introduction (from the sailing ship days) ... addressing first
time communication between two strangers.

that a large volume of email doesn't involve first time communication
between two strangers that have no prior relationship ... and so one
possible question is does a PKI operation ... does the little or no
added value for such communication possibly offset the drastically
increased amount of complexity and increased number of business
processes (that also contribute to possible enormous increase in
potential for vulnerabilities).

PKI is trying to offer some added value in first time communication
between two strangers (say the bulk mailing advertising industry) ...
and it is possibly acceptable the significant increase in business
processes and complexity is justified in improving reliance in the bulk
mailing advertising market segment. The question is does the vast increase
in business processes and complexity (with the possibility that the
increased business processes and complexity also introduce significant
new types of vulnerabilities) justify its use in the scenarios where
first time communication between two strangers is not involved.

This is business process analysis of what goes on in a basic public key
email operation ... aka all the public key operations and the entity's
trusted public key repository ... and then showing where PKI
incrementally adds business processes and complexity to that basic
infrastructure .... certification authority public keys added to the
trusted public key repository, these new kind of messages called digital
certificates and the indirection between the certification authority's
public key (in the entity's trusted public key repository) and the
public key of the other entities communicated with.

The additional digital certificate verification technical steps that a
PKI operation adds to a core fundamental public key email process (that
directly has access to public keys of entities directly communicated
with) ... also drags in the enormous amount of complexity and additional
business processes that the certification authorities have to perform.
It is some of this other complexity and business processes that may be
attacked ... as in my oft repeated description of a crook attacking the
authoritative agency that a certification authority uses for the basis
of its certification, and then getting a perfectly valid certificate.
The user (relying-party) then may have a perfectly valid public key for
an entity that they've communicated with for years .... but this
perfectly valid certificate (from a crook) now claims that the user must
now automatically accept the crook's public key also as representing the
same entity.

so a traditional risk/threat analysis ... would frequently analyze the
basic components ... establish a baseline threat/vulnerability profile
... and then consider what additional complexity does to
the baseline. I assert that a simple public key email operation can
establish a baseline w/o any digital certificates ... and then you
consider what happens when the baseline has digital certificates added
(which then also drags in all the business process vulnerabilities that
may exist at the certification authority ... and all dependencies that
the certification authority has). we had to sort of look at this sort
of stuff when we were asked to work with this small client/server
startup that wanted to do payment transactions on their server
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3
and we had to go around and audit some number of these relatively new
business operations called certification authorities.
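
The trusted public key repository described in the message above, modelled as an added example that is not part of the original post: it holds directly obtained keys plus certification authority keys, and shows the case where a valid certificate binds a different key to an entity the relying party already knows. The class names, decision labels, the `signature_ok` flag (standing in for CA signature verification done elsewhere) and the policy of keeping the directly held key on conflict are all assumptions of this sketch.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def fingerprint(public_key: bytes) -> str:
    """Short identifier for a public key (SHA-256 of its bytes)."""
    return hashlib.sha256(public_key).hexdigest()[:16]

@dataclass(frozen=True)
class Certificate:
    subject: str        # entity the CA vouches for
    subject_key: bytes  # public key the certificate binds to that entity
    issuer: str         # certification authority name
    signature_ok: bool  # assumption: CA signature was verified elsewhere

@dataclass
class TrustedKeyRepository:
    direct: dict = field(default_factory=dict)   # entity -> key from prior relationship
    ca_keys: dict = field(default_factory=dict)  # CA name -> CA public key

    def resolve(self, sender: str, cert: Optional[Certificate] = None):
        """Return (decision, key) used to authenticate a message from sender."""
        known = self.direct.get(sender)
        if cert is None:  # baseline: no certificates involved at all
            return ("direct", known) if known else ("unknown-sender", None)
        if (cert.issuer not in self.ca_keys or not cert.signature_ok
                or cert.subject != sender):
            return ("cert-rejected", known)  # fall back to the baseline key, if any
        if known is None:  # first contact between strangers: the PKI design point
            return ("introduced-by-ca", cert.subject_key)
        if known == cert.subject_key:
            return ("direct", known)  # certificate agrees with what is already held
        # Valid certificate, different key, existing relationship: do not
        # silently accept the new binding; keep the directly held key.
        return ("conflict-keep-direct", known)

# Constructed sample data (placeholder byte strings, not real keys).
repo = TrustedKeyRepository(
    direct={"bank@example.com": b"constructed-key-held-for-years"},
    ca_keys={"Example CA": b"constructed-ca-key"},
)
valid_but_new = Certificate("bank@example.com", b"constructed-other-key",
                            "Example CA", signature_ok=True)
stranger = Certificate("shop@example.com", b"constructed-shop-key",
                       "Example CA", signature_ok=True)

if __name__ == "__main__":
    for who, cert in [("bank@example.com", None), ("bank@example.com", valid_but_new),
                      ("shop@example.com", stranger)]:
        decision, key = repo.resolve(who, cert)
        print(who, decision, fingerprint(key) if key else None)
```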