[Cryptography] A PKI without CRLs or OCSP
ianG
iang at iang.org
Wed Oct 26 17:21:56 EDT 2016
On 26/10/2016 06:48, Francisco Corella wrote:
> While working on a blockchain-based solution for remote identity
> proofing,
I don't wish to be harsh, ... but there's your mistake, right there -
you took a tool and bashed it over a problem. It's the other way around.
Start with identity. Figure out what it is. (That will take a (*))
Compare your model of identity to your use case or business model. From
this extract some requirements and threat models and security models
(whirl around this loop like a million times). When all that settles,
pick some tools. (Another (*))
I guarantee if you do this properly, you won't be thinking about
blockchain nor PKI.
> we came to realize that a blockchain with on-chain storage
> can be used to implement the same functionality as a traditional PKI,
> with remarkable advantages. In particular, the verifier can validate
> a certificate chain on its local copy of the blochain without any
> network access.
Yes, like PKI. PKI was originally designed by telcos to deliver
certificates over the telephone, one per household, as the newfangled
digital-to-analog-and-back-again modem did it's work of downloading the
day's electronic mail.
Then, as the family browsed their mail on their single standalone
pre-PC, the certificate would authenticate the sender - offline.
Unfortunately, while that particular model was possibly relevant and
promising in the 1970s and 1980s, including with Janet, ACSnet, UUCP and
all its !!! the offline model died with the Internet.
It's all online now. Need another design.
> Details can be found in this blog post
> <https://pomcor.com/2016/10/25/implementing-a-pki-on-a-blockchain/> and
Nice hack - but the business model of the CA includes making sure that
never happens.
> in Section
> 3 of this paper <https://pomcor.com/techreports/BlockchainPKI.pdf>.
> Comments welcome.
So, if we can skip past the blockchain-is-your-hammer... what is it that
you are really trying to solve?
iang
(*) year
More information about the cryptography
mailing list