About that "Mighty Fortress"... What's it look like?

Perry E. Metzger perry at piermont.com
Sat Jul 31 11:24:29 EDT 2010 

On Fri, 30 Jul 2010 19:40:49 -0700 Ray Dillinger <bear at sonic.net>
wrote:
> Assume, contra facto, that in some future iteration of PKI, it
> works, and works very well.
>
> What the heck does it look like?
>
> At a guess....  Anybody can create a key (or key pair).  They 
> get one clearly marked "private", which they're supposed to keep, 
> and one clearly marked "public", which they can give out to anybody
> they want to correspond with.
>
> Gaurantors and certifying authorities can "endorse" the public key
> for specific purposes relating to their particular application.
> Your landlord can "endorse" your keycard to allow you to get into 
> the apartment you rent, the state government can "endorse" your 
> key when you get a contractor's license or private investigator's 
> license or register a business to sell to consumers and pay taxes,
> etc.

You are still following the same model that has failed over and over
and over again. "Endorsing" keys is the same "we have no internet, so
we rely on having big books to tell us whether a person's credit card
was stolen" model.

There is no rational reason at all that someone should "endorse" a key
when it is possible to simply do a real time check for
authorization. There is no reason to sign a key when you can just
check if the key is in a database.

> And you can revoke your endorsement of any particular key, at any
> time, for any reason.

How?

If you have to do a real time check for every use anyway, the
signature on the key is unnecessary as you can just ask "is this user
authorized". If you can't do a real time check, then the system fails
anyway. Either way, there is no logical or architectural reason for
signatures on keys.

> I think this model is simple enough to be understood by ordinary
> people.

I challenge you to explain any such model to my mother
successfully. Indeed, I think any model that needs to be explained to
anyone has already failed.

A good model is one in which if you screw up, nothing bad can
happen. For example, if you go to the phisherman's web site instead of
your bank's, nothing you can possibly do will endanger your
security. The worst that can happen is you end up frustrated and
puzzled, but you never can leak information to the phisherman. It may
be impossible to achieve this with complete perfection, but if, for
example, it would be necessary for someone trying to steal your
credentials to social engineer you into get actual physical access to
a smart token or some such for a while to get at your bank account,
things are now "good enough" for most purposes.

Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list