A crazy thought?

Ali, Saqib docbook.xml at gmail.com
Sun May 27 02:13:49 EDT 2007


Allen,

I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing an X.509 certificate that holds your
public key. This way they are vouching that you own the public key.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted with your public key.

So having a separation-of-duty is not providing any additional security.

Can you please elaborate on what you are trying to achieve?

Thanks
saqib
http://www.full-disk-encryption.net

On 5/26/07, Allen <netsecurity at sound-by-design.com> wrote:
> Hi Gang,
>
> In a class I was in today a statement was made that there is no way
> that anyone could present someone else's digital signature as their
> own because no one has their private key to sign it with. This
> was in the context of a CA certificate which had it inside. I tried
> to suggest that there might be scenarios that could accomplish this
> but was told "impossible." Not being totally clear on all the
> methods that bind the digital signature to an identity I let it be;
> however, the "impossible" mantra got me to thinking about it and
> wondering what vectors might make this possible.
>
> Validating a digital signature requires getting the public key from
> some source, like a CA, or a publicly accessible database and
> decrypting the signature to validate that the private key associated
> with the public key created the digital signature, or "open message."
>
> Which led me to the thought of trust in the repository for the
> public key. Here in the USA, there is a long history of behind the
> scenes "cooperation" by various large companies with the forces of
> the law, like the wiretap in the AT&T wire room, etc.
>
> What is to prevent this from happening at a CA and it not being
> known for a lengthy period of time? Jurors have been suborned for
> political reasons, why not CAs? Would you, could you trust a CA
> based in a country with a low ethics standard or a low regard for
> human rights?
>
> Which led me to the thought that if it is possible, what could be
> done to reduce the risk of it happening?
>
> It occurred to me that perhaps some variation of "separation of
> duties" like two CAs located in different political environments
> might be used to accomplish this by having each cross-signing the
> certificate so that the compromise of one CA would trigger an
> invalid certificate. This might work if the compromise of the CA
> happened *after* the original certificate was issued, but what if
> the compromise was long standing? Is there any way to accomplish this?
>
> Thoughts?
>
> Best to all,
>
> Allen
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>


-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
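
Added example, not part of the original message and not code from either poster: a toy Python sketch of the two points in this thread. The CA signing routine receives only the subject's public key, and a relying party that requires signatures from two independent CAs rejects a binding that one CA issued alone. The toy key sizes, the names (CA_A, CA_B, alice) and the `accept` policy function are assumptions made for illustration.

```python
import hashlib

# Toy RSA from fixed Mersenne primes: constructed and insecure, illustration only.
def make_key(p_exp, q_exp, e=65537):
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"pub": (p * q, e), "d": pow(e, -1, (p - 1) * (q - 1))}

def binding_digest(identity, subject_pub, modulus):
    # Hash of the (identity, public key) binding, reduced into the CA's modulus.
    data = f"{identity}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def ca_sign(ca_key, identity, subject_pub):
    # The CA's only input about the subject is the public key; no private key is passed in.
    n, _ = ca_key["pub"]
    return pow(binding_digest(identity, subject_pub, n), ca_key["d"], n)

def ca_verify(ca_pub, identity, subject_pub, sig):
    n, e = ca_pub
    return pow(sig, e, n) == binding_digest(identity, subject_pub, n)

def accept(cert, trusted, required):
    """Count valid signatures from distinct trusted CAs over the same binding."""
    valid = [name for name, sig in cert["sigs"].items()
             if name in trusted and ca_verify(trusted[name], cert["id"], cert["pub"], sig)]
    return len(valid) >= required

def issue(identity, subject_pub, cas):
    return {"id": identity, "pub": subject_pub,
            "sigs": {name: ca_sign(key, identity, subject_pub) for name, key in cas.items()}}

# Constructed sample data (hypothetical names).
CA_A, CA_B = make_key(89, 107), make_key(61, 127)
ALICE, OTHER = make_key(31, 521), make_key(19, 607)
TRUSTED = {"CA_A": CA_A["pub"], "CA_B": CA_B["pub"]}

GENUINE = issue("alice", ALICE["pub"], {"CA_A": CA_A, "CA_B": CA_B})
# CA_A alone vouches for a different key under Alice's name.
MISISSUED = issue("alice", OTHER["pub"], {"CA_A": CA_A})

if __name__ == "__main__":
    print("one-CA policy accepts misissued:", accept(MISISSUED, TRUSTED, 1))
    print("two-CA policy accepts misissued:", accept(MISISSUED, TRUSTED, 2))
    print("two-CA policy accepts genuine:  ", accept(GENUINE, TRUSTED, 2))
```

The two-signature policy only adds assurance when each CA validates the request independently; if both sign the same wrong binding, `accept` passes it.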
