[Cryptography] The next generation secure email solution

Guido Witmond guido at witmond.nl
Thu Dec 19 05:49:21 EST 2013


On 12/18/13 21:22, Phillip Hallam-Baker wrote:
> Guido's scheme is very similar to the one I am planning to build in
> stage 2 of my system. In fact if he wants to build his system he could
> use stage 1 of mine as a development platform.

I was thinking of the other way around. I already have the local CA and
a demo that uses it. :-)


> But I do think it is important to acknowledge one of the lessons we
> learned in spam control: the bad guys will exploit every feedback channel.
> 
> So when we are dealing with reports of violations of protocols we have
> to be ready for attackers making false complaints.

The beauty of the eccentric protocol is that *only* the site's CA can
sign certificates for its domain. Spammers do not have the site's CA
private key. Spammers cannot create fake duplicates. So if there is a
duplicate certificate for a certain CN that is signed by the local CA, it
is proof of 'problems' (either malicious or erroneous).

The protocol does not allow CN's to be signed by other CA's. These
certificates will be ignored, dropped.

> Many early spam
> blacklists that had 'zero tolerance' policies lost credibility very
> quickly as people would sign up for mailing lists for the purpose of
> reporting the source as a spammer. Some of the malicious reports were
> intended to sabotage political or commercial rivals. But quite a few
> were made to discredit the lists themselves.
> 
> The trust problem is very easy if you have some form of ground truth to
> reference. But no such ground truth exists. 

The 'Registry of Dishonesty' forms that ground truth. It allows one to
verify that a certain CN is used in only *one* certificate. When you
have that proof-of-uniqueness after the first message-roundtrip, you've
established an authenticated channel between the two of you.

This verification must be done for each *new* person/certificate you
encounter. However, people can send CN's to others, giving a certificate
a local meaning. For example, when dealing with a business I get a
reply: "You can deal with these issues with our xxx-department. Contact
them at abc@@domain.tld."

I can look up that CN at the registry, verify its uniqueness and I
*trust* the sender that it is the correct address of their xxx-department.


Regards, Guido.
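
The registry check described in this message, sketched as an added example that is not part of the original post or of the eccentric protocol's own code: certificates not issued by the site's CA are ignored, so a false complaint cannot be manufactured, while a second site-signed certificate for the same CN is flagged. Assumptions: the `Registry` and `CertRecord` names, the rule that the domain is the part of the CN after `@@`, and that each record's issuer key was already established by normal X.509 signature verification; all sample values are constructed.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CertRecord:
    cn: str          # e.g. "abc@@domain.tld"
    issuer_key: str  # fingerprint of the CA key whose signature verified (assumed done upstream)
    der: bytes       # certificate bytes (constructed placeholders below)

    @property
    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()


class Registry:
    """Hypothetical model of the registry: the set of certificates seen per CN."""

    def __init__(self, site_ca_keys):
        self.site_ca_keys = site_ca_keys  # domain -> pinned fingerprint of that site's CA key
        self.seen = defaultdict(set)      # CN -> fingerprints of site-signed certificates

    def submit(self, cert):
        domain = cert.cn.rpartition("@@")[2]
        if self.site_ca_keys.get(domain) != cert.issuer_key:
            return "ignored"              # signed by another CA: dropped, proves nothing
        self.seen[cert.cn].add(cert.fingerprint)
        return "unique" if len(self.seen[cert.cn]) == 1 else "duplicate"

    def is_unique(self, cn):
        return len(self.seen.get(cn, ())) == 1


def demo():
    reg = Registry({"domain.tld": "ca-key-site"})  # constructed pin
    first = CertRecord("abc@@domain.tld", "ca-key-site", b"cert-1")
    false_report = CertRecord("abc@@domain.tld", "ca-key-other", b"cert-2")
    second = CertRecord("abc@@domain.tld", "ca-key-site", b"cert-3")
    results = [reg.submit(first), reg.submit(false_report)]
    results.append(reg.is_unique("abc@@domain.tld"))  # still unique after the false report
    results.append(reg.submit(first))                 # re-seeing the same cert is harmless
    results.append(reg.submit(second))                # site CA signed the CN twice
    results.append(reg.is_unique("abc@@domain.tld"))
    return results


if __name__ == "__main__":
    print(demo())
```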
