X.509 / PKI, PGP, and IBE Secure Email Technologies

Anne & Lynn Wheeler lynn at garlic.com
Thu Dec 8 16:41:26 EST 2005


Ed Gerck wrote:
> Regarding PKI, the X.509 idea is not just to automate the process of 
> reliance but to do so without introducing vulnerabilities in the threat model 
> considered in the CPS.

but that is one of the points of the article: that as you automate more 
things you have to be extra careful about introducing new 
vulnerabilities (of course a business operation will make claims that 
while they may have introduced enormous additional complexity and number 
of business processes ... they are all perfect and have no 
vulnerabilities).

the issue of public key email w/o PKI ... is that you have all the 
same basic components that PKI also needs.

there is a local trusted public key repository and a method of getting 
keys into/out of that trusted public key repository. in the non-PKI 
case, the trusted public key repository contains public keys that are 
used to directly authenticate messages from other entities. in the PKI 
case, the trusted public key repository also contains public keys that 
are used to authenticate messages from a certification authority; these 
messages are called digital certificates. the digital certificates, in 
turn contain other public keys that can be used in authenticating 
messages from directly communicating entities.

the original PKI and digital certificate design point is the letters of 
credit/introduction (from the sailing ship days) ... addressing first 
time communication between two strangers.

a large volume of email doesn't involve first time communication 
between two strangers that have no prior relationship ... and so one 
possible question is does a PKI operation ... does the little or no 
added value for such communication possibly offset the drastically 
increased amount of complexity and increased number of business 
processes (that also contribute to possible enormous increase in 
potential for vulnerabilities).

PKI is trying to offer some added value in first time communication 
between two strangers (say the bulk mailing advertising industry) ... 
and it is possibly acceptable that the significant increase in business 
processes and complexity is justified in improving reliance in the bulk 
mailing advertising market segment. The question is whether the vast increase 
in business processes and complexity (with the possibility that the 
increased business processes and complexity also introduce significant 
new types of vulnerabilities) justify its use in the scenarios where 
first time communication between two strangers is not involved.

This is business process analysis of what goes on in a basic public key 
email operation ... aka all the public key operations and the entity's 
trusted public key repository ... and then showing where PKI 
incrementally adds business processes and complexity to that basic 
infrastructure .... certification authority public keys added to the 
trusted public key repository, these new kind of messages called digital 
certificates and the indirection between the certification authority's 
public key (in the entity's trusted public key repository) and the 
public key of the other entities communicated with.

The additional digital certificate verification technical steps that a 
PKI operation adds to a core fundamental public key email process (that 
directly has access to public keys of entities directly communicated 
with) ... also drags in the enormous amount of complexity and additional 
business processes that the certification authorities have to perform.

It is some of this other complexity and business processes that may be 
attacked ... as in my oft repeated description of a crook attacking the 
authoritative agency that a certification authority uses for the basis 
of its certification, and then getting a perfectly valid certificate.
The user (relying-party) then may have a perfectly valid public key for 
an entity that they've communicated with for years .... but this 
perfectly valid certificate (from a crook) now claims that the user must 
now automatically accept the crook's public key also as representing the 
same entity.

so a traditional risk/threat analysis ... would frequently analyze the 
basic components ... establish a baseline threat/vulnerability profile 
... and then consider what additional complexity does to 
the baseline. I assert that a simple public key email operation can 
establish a baseline w/o any digital certificates ... and then you 
consider what happens when the baseline has digital certificates added
(which then also drags in all the business process vulnerabilities that 
may exist at the certification authority ... and all dependencies that 
the certification authority has). we had to sort of look at this sort 
of stuff when we were asked to work with this small client/server 
startup that wanted to do payment transactions on their server
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3

and we had to go around and audit some number of these relatively new 
business operations called certification authorities.
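As an added illustration (not part of Lynn Wheeler's post or the list discussion), the following Python models the components the post describes: a local trusted public key repository holding keys learned through prior direct contact, the certification authority keys that PKI adds to that repository, digital certificates as CA-signed messages that carry some other entity's public key, and the scenario of a crook who holds a perfectly valid certificate in the name of an entity the relying party has communicated with for years. All parties (alice, bob, ExampleCA, the crook), the message text and the toy textbook-RSA signing routine are constructed for this example; the `authenticate` function adds the one defensive check the post implies: a valid certificate whose key differs from the key already pinned for the same sender is reported as a conflict rather than accepted automatically.

```python
import hashlib
import json

# Toy textbook RSA over fixed Mersenne primes so the example runs with the
# standard library alone. No padding, no random key generation: a teaching
# aid for the trust-path logic below, not a signature scheme to deploy.
_MERSENNE = {k: 2**k - 1 for k in (89, 107, 127, 521, 607, 1279, 2203, 2281)}
E = 65537


def make_keypair(p_exp, q_exp):
    """Return ((n, e), (n, d)) built from two of the fixed primes above."""
    p, q = _MERSENNE[p_exp], _MERSENNE[q_exp]
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest(msg):
    # SHA-256 of the message as an integer; every modulus above exceeds 2**256
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg), d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg)


class TrustedRepository:
    """The relying party's local trusted public key repository."""

    def __init__(self):
        self.direct = {}  # entity -> key learned through prior direct contact
        self.cas = {}     # CA name -> CA key; the component that PKI adds


def issue_certificate(ca_priv, ca_name, subject, subject_pub):
    """A certificate is just a CA-signed message carrying someone else's key."""
    body = json.dumps({"issuer": ca_name, "subject": subject,
                       "key": list(subject_pub)}).encode()
    return {"body": body, "sig": sign(ca_priv, body)}


def check_certificate(repo, cert):
    """Return (subject, key) if a CA in the repository signed the certificate."""
    fields = json.loads(cert["body"])
    ca_pub = repo.cas.get(fields["issuer"])
    if ca_pub is None or not verify(ca_pub, cert["body"], cert["sig"]):
        return None
    return fields["subject"], tuple(fields["key"])


def authenticate(repo, sender, msg, sig, cert=None):
    """Baseline path: the sender's directly trusted key. PKI path: a key
    carried in a trusted CA's certificate. A valid certificate is never
    allowed to silently replace a key already pinned for the same sender."""
    pinned = repo.direct.get(sender)
    certified = check_certificate(repo, cert) if cert is not None else None
    if certified is not None and certified[0] != sender:
        certified = None  # certificate names someone else
    if pinned is not None and certified is not None and certified[1] != pinned:
        return "conflict"  # needs a human decision, not automatic acceptance
    key = pinned if pinned is not None else (certified[1] if certified else None)
    if key is None:
        return "no trusted key"
    return "ok" if verify(key, msg, sig) else "bad signature"


def scenario():
    """Constructed parties: alice (known for years), bob (a stranger), a CA,
    and a crook who obtained a valid certificate in alice's name."""
    alice_pub, alice_priv = make_keypair(89, 521)
    ca_pub, ca_priv = make_keypair(107, 607)
    bob_pub, bob_priv = make_keypair(127, 1279)
    crook_pub, crook_priv = make_keypair(2203, 2281)

    repo = TrustedRepository()
    repo.direct["alice"] = alice_pub   # baseline: no certificate involved
    repo.cas["ExampleCA"] = ca_pub     # the PKI addition to the repository
    msg = b"constructed sample message"

    results = {}
    results["direct"] = authenticate(repo, "alice", msg, sign(alice_priv, msg))
    results["stranger_without_cert"] = authenticate(repo, "bob", msg, sign(bob_priv, msg))
    bob_cert = issue_certificate(ca_priv, "ExampleCA", "bob", bob_pub)
    results["stranger_with_cert"] = authenticate(repo, "bob", msg, sign(bob_priv, msg), bob_cert)
    results["tampered"] = authenticate(repo, "bob", msg + b"!", sign(bob_priv, msg), bob_cert)
    # The crook's certificate is perfectly valid: the CA really did sign it.
    crook_cert = issue_certificate(ca_priv, "ExampleCA", "alice", crook_pub)
    results["crook_cert_is_valid"] = check_certificate(repo, crook_cert) is not None
    results["crook_cert_for_alice"] = authenticate(repo, "alice", msg, sign(crook_priv, msg), crook_cert)
    return results


if __name__ == "__main__":
    for name, status in scenario().items():
        print(f"{name}: {status}")
```

The "conflict" outcome is the point: the certificate itself passes every technical verification step, so a purely certificate-driven relying party would accept the crook's key as alice's; only the baseline component, the key already held in the trusted repository, gives the relying party something to compare against.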

---------------------------------------------------------------------
The Cryptography Mailing List