A crazy thought?

Anne & Lynn Wheeler lynn at garlic.com
Sun May 27 11:19:37 EDT 2007


Allen wrote:
> Hi Gang,
> 
> In a class I was in today a statement was made that there is no way that 
> anyone could present someone else's digital signature as their own 
> because no one has their private key to sign it with. This was in 
> the context of a CA certificate which had it inside. I tried to suggest 
> that there might be scenarios that could accomplish this but was told 
> "impossible." Not being totally clear on all the methods that bind the 
> digital signature to an identity I let it be; however, the "impossible" 
> mantra got me to thinking about it and wondering what vectors might make 
> this possible.

CAs are certification authorities ... they certify some information they
have checked and issue digital certificates that represent that checking
... somewhat analogous to physical licenses, credentials, certificates.

most certification authorities aren't the authoritative agency for the
information that they certify ... for the most part they are simply
certifying that they have checked the information with whatever authoritative
agency is responsible for that information.

in that sense they are somewhat like a notary ... i.e. if somebody has
done some identity theft and managed to obtain a valid driver's license
... the notary isn't held responsible ... they just notarize that
they checked a valid driver's license.

this is somewhat the catch-22 scenario in recent posts for ssl domain
name certification authorities
http://www.garlic.com/~lynn/subpubkey.html#catch22

where they are in something of a situation because a big part of the
original justification for ssl domain name certificates involved
integrity issues with the domain name infrastructure ... however,
the domain name infrastructure is also the authoritative agency for
domain name owner information, which the ssl domain name certification
authority is dependent on as part of the integrity for certifying
ssl domain name information. Fixing integrity issues in the domain
name infrastructure ... improves the probability that correct
ssl domain name certification is being performed ... but fixing
integrity issues in the domain name infrastructure can also drastically
reduce justification for having ssl domain name certificates.

recent posts
http://www.garlic.com/~lynn/aadsm27.htm#14 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#15 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#16 dnssec?
http://www.garlic.com/~lynn/aadsm27.htm#17 dnssec?
http://www.garlic.com/~lynn/aadsm27.htm#19 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#20 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#21 307 digit number factored

in some cases, there is the possibility that the excessive attention
to the details of the cryptographic operations is pure obfuscation
that the rest of the end-to-end business processes may purely be
built on a house of cards.

for additional drift, some recent posts in related thread on digital certificates 
in another forum (including some possible infrastructure vulnerabilities
and systemic risks)
http://www.garlic.com/~lynn/2007i.html#5 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#17 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#28 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#48 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#51 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007k.html#79 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#0 Re: John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#2 Re: John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#6 Re: John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007l.html#9 Re: John W. Backus, 82, Fortran developer, dies

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
