PKI: The terrorists' secret weapon

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 14 10:08:22 EDT 2007


Excerpts from a recent (non-public) PKI discussion paper:

-- Snip --

Email Distributions

The most recent dispatching of certificates was to 126 countries, being those
who have provided an email address.  The following table records the outcomes.

INCIDENCE                                 DISPOSITION / OUTCOME
Dispatch confirmed as delivered           11
Dispatch confirmed as delivery failure    25
Nil response received after 10 days       90
---------------------------------------------------------------
Total                                     126

-- Snip --

CRLs are even worse:

-- Snip --

On the basis of the above data, as well as data derived from the other
distributions over the last 12 months, it is *highly unlikely* that a State
would receive an urgent-type CRL from any other State within the 48 hours
timeframe specified in the PKI Technical Report.

-- Snip --

And:

-- Snip --

Over the course of the last four dispatches of PKI certificates, very few of
these countries have positively acknowledged receipt of these certificates. Of
the 31 countries currently issuing ePassports we have only received
certificates from 14 countries in reply.

-- Snip --

Finally:

-- Snip --

Conclusions

Distribution of PKI Certificates

Bilateral distribution of PKI certificates does not work effectively or
reliably.

[...]

Certificate Revocation Lists (CRL)

Issuing States have a responsibility for promptly advising all other States
that a certificate revocation has occurred. Currently there is no system
capable of achieving delivery of a CRL to all States within 48 hours.

[...]

-- Snip --

As Carl Ellison put it, "Plenty of PK, precious little I".

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


