MD5 collision in X509 certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Mar 7 00:11:43 EST 2005


Anne & Lynn Wheeler <lynn at garlic.com> writes:

>the purpose of a certificate is analogous to the old letters of credit in the
>sailing ship days .... it supposedly establishes the bona fides of the
>individual in an offline, non-connected world where the relying party has no
>other recourse regarding trust/integrity of the individual that they are
>dealing with.

I ran into an interesting example of the conflict between PKI's almost
completely offline design vs. the almost completely online world recently.
Someone showed me a full-page diagram of their PKI/certificate management
process containing several dozen boxes, a maze of connecting arrows, labels,
references to pages and pages of further explanation, etc etc etc.  After
reverse-engineering the process displayed in the diagram over a period of
about quarter of an hour, I simplified the whole thing by drawing a single
line from the top left ("I have someone's public key") to the bottom right
("Ask an online service who it belongs to and whether it's OK to use"),
completely bypassing the morass of PKI in the middle.  (This is a bit like the
financial industry use of PKI that Lynn mentioned a while back in which you
throw away everything but the public key and check that directly, because all
the PKI does is get in the way).

At that point the conversation went something like this:

"Why not do it that way then, since that's the end effect anyway?".

  "We can't do that.  $LARGE_ORGANISATION have spent millions of dollars
   setting up their PKI, and they won't allow something that sidesteps it".

"So the only reason the PKI is there is because not having it there would be
an admission of its uselessness?"

  "Uhh, yeah".

This leads to the following PKI business model:

1. Spend millions of dollars setting up a PKI.

2. Everyone is forced to use it because not to do so would be a waste of the
   setup costs.

3. Profit!

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com