X.509 / PKI, PGP, and IBE Secure Email Technologies

Ed Gerck edgerck at nma.com
Thu Dec 8 20:10:20 EST 2005 

Anne & Lynn Wheeler wrote:
> Ed Gerck wrote:
>> Regarding PKI, the X.509 idea is not just to automate the process of 
>> reliance but to do so without introducing vulnerabilities in the 
>> threat model considered in the CPS.
> 
> but that is one of the points of the article that as you automate more 
> things you have to be extra careful about introducing new 
> vulnerabilities 

I believe that's what I wrote above. This rather old point (known to the X.509
authors, as one can read in their documents) is why X.509 simplifies what it
provides to the least possible _to_automate_ and puts all the local and human-
based security decisions in the CPS.

(The fact that the CPS is declared to be out of scope of X.509 is both a
solution and a BIG problem as I mentioned previously.)

> the issue of public key email w/o PKI ... is you have all the identical, 
> same basic components that PKI also needs.

PGP is public-key email without PKI. So is IBE. And yet neither of them has
all the identical, same basic components that PKI also needs. Now, when you
look at the paper on email security at
http://email-security.net/papers/pki-pgp-ibe.htm
you see that the issue of what components PKI needs (or not) is not
relevant to the analysis.

 > ... as in my oft repeated description of a crook attacking the
> authoritative agency that a certification authority uses for the basis 
> of its certification, and then getting a perfectly valid certificate.

What you say is not really about X.509 or PKI, it's about the CPS. If the CPS
says it restricts the cert to the assertion that the email address was timely
responsive to a random challenge when the cert was issued, then relying
on anything else (e.g., that the email address is owned or operated by an
honest person or by a person who bears a name similar to that mailbox's username)
is unwarranted.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list