A crazy thought?

Allen netsecurity at sound-by-design.com
Sat May 26 20:58:50 EDT 2007 

Hi Gang,

In a class I was in today a statement was made that there is no way 
that anyone could present someone else's digital signature as their 
own because no one has has their private key to sign it with. This 
was in the context of a CA certificate which had it inside. I tried 
to suggest that there might be scenarios that could accomplish this 
but was told "impossible." Not being totally clear on all the 
methods that bind the digital signature to an identity I let it be; 
however, the "impossible" mantra got me to thinking about it and 
wondering what vectors might make this possible.

Validating a digital signature requires getting the public key from 
some source, like a CA, or a publicly accessible database and 
decrypting the signature to validate that the private key associated 
with the public key created the digital signature, or "open message."

Which lead me to the thought of trust in the repository for the 
public key. Here in the USA, there is a long history of behind the 
scenes "cooperation" by various large companies with the forces of 
the law, like the wiretap in the A&TT wire room, etc.

What is to prevent this from happening at a CA and it not being 
known for a lengthy period of time? Jurors have been suborned for 
political reasons, why not CAs? Would you, could you trust a CA 
based in a country with a low ethics standard or a low regard for 
human rights?

Which lead me to the thought that if it is possible, what could be 
done to reduce the risk of it happening?

It occurred to me that perhaps some variation of "separation of 
duties" like two CAs located in different political environments 
might be used to accomplish this by having each cross-signing the 
certificate so that the compromise of one CA would trigger an 
invalid certificate. This might work if the compromise of the CA 
happened *after* the original certificate was issued, but what if 
the compromise was long standing? Is there any way to accomplish this?

Thoughts?

Best to all,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list