A crazy thought?

Bowness, Piers pbowness at rsasecurity.com
Tue May 29 08:48:56 EDT 2007


On Sat 5/26/2007 at 8:59 PM Allen [netsecurity at sound-by-design.com]
wrote:

> Validating a digital signature requires getting the public key from
> some source, like a CA, or a publicly accessible database and
> decrypting the signature to validate that the private key associated
> with the public key created the digital signature, or "open message."
 
No. Usually the signer's certificate is included with the message so you
don't go anywhere to get Alice's certificate, but you verify it against
a trusted root.

> Which led me to the thought of trust in the repository for the
> public key. Here in the USA, there is a long history of behind the
> scenes "cooperation" by various large companies with the forces of
> the law, like the wiretap in the AT&T wire room, etc.

From my perspective, the primary attack vector here is the Trusted Root
CA list. If you can get the recipient to accept a new root, the forgery
is pretty simple. If the end-user fails to validate the Trusted Root CA
list and examine the certificate signature chain, then any trusted root
CA could issue a cert with any "Subject" making any claim. And yes,
being in the security business, I do check the certificate chain for my
bank's on-line service before logging on. (I've also complained to them
when they re-used a certificate from one host for another.)

> What is to prevent this from happening at a CA and it not being
> known for a lengthy period of time? Jurors have been suborned for
> political reasons, why not CAs? Would you, could you trust a CA
> based in a country with a low ethics standard or a low regard for
> human rights?

To some extent, CAs are all about policy. What steps were required to
obtain a certificate? These vary from "I had control of an e-mail
account at the time of certificate issuance." to "I've had my lawyer
present a notarized copy of my letters of incorporation and 2 years of
public financial statements". To me it's simple: Don't trust the root CA
if you don't trust them to enforce their policies. Verisign has built a
small business on this premise.

-Piers

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
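
An added example, not part of the original message: a shell sketch of the point about the trusted root list, showing that a chain check accepts a given Subject from any root in the store and that checking against the one expected root tells the certificates apart. RootA, RootB, bank.example and all file names are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: every name, path and certificate here is generated locally.
set -eu
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_root() {   # $1 = root CA name; writes $1.key and a self-signed $1.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

issue_leaf() {  # $1 = issuing root, $2 = output name; the Subject is identical every time
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=bank.example" \
    -keyout "$demo_dir/$2.key" -out "$demo_dir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/$2.csr" -days 1 -CAcreateserial \
    -CA "$demo_dir/$1.pem" -CAkey "$demo_dir/$1.key" \
    -out "$demo_dir/$2.pem" 2>/dev/null
}

chain_ok() {    # $1 = PEM file of trusted roots, $2 = leaf certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_root RootA
make_root RootB
issue_leaf RootA leaf_a
issue_leaf RootB leaf_b

# store.pem models a trusted root list holding both roots;
# RootA.pem alone models checking that the chain ends at the expected root.
cat "$demo_dir/RootA.pem" "$demo_dir/RootB.pem" > "$demo_dir/store.pem"

for leaf in leaf_a leaf_b; do
  for anchors in store RootA; do
    if chain_ok "$demo_dir/$anchors.pem" "$demo_dir/$leaf.pem"; then
      result=accepted
    else
      result=rejected
    fi
    echo "$leaf (CN=bank.example) against $anchors: $result"
  done
done
```

Both leaves carry the same Subject and both pass against the two-root store; only the check against RootA alone separates them, which is what examining the chain by hand accomplishes.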