Strength in Complexity?

Ben Laurie ben at links.org
Sun Aug 3 08:08:13 EDT 2008 

So, an executive summary of your responses appears to be "EKMI leaves 
all the hard/impossible problems to be solved by components that are out 
of scope".

As such, I'm not seeing much value.

Anyway...

Arshad Noor wrote:
> Ben Laurie wrote:
>> OK, so you still have a PKI problem, in that you have to issue and 
>> manage client certificates. How is this done?
>>
> One man's meat .... :-).  (I don't necessarily view this as a problem
> Ben.  I've built up a career and a small business in the last 9 years
> doing just that.)
> 
> Nevertheless, to answer the question, the PKI deployment is not part
> of the SKSML prtocol (other than the WSS header that carries the XML
> Signature and/or XML Encryption of the SOAP Body), but it is part of
> an EKMI.  (EKMI = PKI + SKMS).  A company deploying an EKMI must have,
> or must build a PKI and deploy the client/server certificates separately
> from the SKMS.
> 
> While this might be viewed as a problem for some/many companies in the
> short-term, I fully anticipate that vendor implementations of SKMS will
> integrate with PKI software to manage this process seamlessly in the
> future.

PKI out of scope...

>> I do not believe this is the case. DRM fails because the attacker has 
>> physical possession of the system he is attacking.
>>
> 
> Which is why we are recommending that SKMS clients use hardware based
> modules (be it TPMs, smartcards, HSMs, etc.) to generate and store the
> Private Key used by SKMS client to decrypt the symmetric keys.  While
> even these can be attacked, the problem is now in a different domain
> than the SKSML protocol.

...impossibility of solving DRM problem out of scope...

>>> EKMI's goals are not to provide bullet-proof security.  It has more
>>> modest ambitions - to provide a management framework for incremental
>>> security, targeted at the right resource: the data, rather than the 
>>> network.
>>
>> Are there any even vaguely modern systems that target the network for 
>> security, or is this a straw man?
> 
> What I meant to say is that EKMI's goal is to protect the data and not
> the network.

...goals the same as pretty much all cryptographic protocols...

>> If it is up to them, then why bother with this verification process? 
>> This sounds like yet more security theatre to me.
>>
> 
> I'm not sure which verification process you're referring to.
> 
> No, this is not security theater.  EKMI does not guarantee anything, nor
> does it promise unbreakable anything.  Everything in EKMI is a choice.
> You get to choose the strength of your keys, your PKI, your policies,
> your procedures and your implementation.  All we're offering is a tool
> that does something specific to the extent that the specifications and
> the technology allows.  Nothing more, nothing less.  If you - as a
> cryptographer - say that AES-156 will do X under these conditions, then
> EKMI will support X under those conditions.  EKMI only adds the ability
> to manage a large number of keys centrally, and to ease many of the
> administrative burdens we see that large-scale key-management can cause.
> Everything it does is constrained by the limitations of the underlying
> technology components, polices and practices.  But you still have to
> make the choice.

...security out of scope and scope out of scope.

Is there anything other than key escrow that's actually in scope?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list