A crazy thought?
Allen
netsecurity at sound-by-design.com
Sat May 26 20:58:50 EDT 2007
Hi Gang,
In a class I was in today a statement was made that there is no way
that anyone could present someone else's digital signature as their
own because no one has has their private key to sign it with. This
was in the context of a CA certificate which had it inside. I tried
to suggest that there might be scenarios that could accomplish this
but was told "impossible." Not being totally clear on all the
methods that bind the digital signature to an identity I let it be;
however, the "impossible" mantra got me to thinking about it and
wondering what vectors might make this possible.
Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or "open message."
Which lead me to the thought of trust in the repository for the
public key. Here in the USA, there is a long history of behind the
scenes "cooperation" by various large companies with the forces of
the law, like the wiretap in the A&TT wire room, etc.
What is to prevent this from happening at a CA and it not being
known for a lengthy period of time? Jurors have been suborned for
political reasons, why not CAs? Would you, could you trust a CA
based in a country with a low ethics standard or a low regard for
human rights?
Which lead me to the thought that if it is possible, what could be
done to reduce the risk of it happening?
It occurred to me that perhaps some variation of "separation of
duties" like two CAs located in different political environments
might be used to accomplish this by having each cross-signing the
certificate so that the compromise of one CA would trigger an
invalid certificate. This might work if the compromise of the CA
happened *after* the original certificate was issued, but what if
the compromise was long standing? Is there any way to accomplish this?
Thoughts?
Best to all,
Allen
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list