[Top] [All Lists]

Re: Weakening the rigid heirarchical trust model

1997-12-30 17:35:19
David Sternlight wrote:

David P. Kemp wrote:

From: David Sternlight <david(_at_)sternlight(_dot_)com>

any means except S/MIME.

Not bad! If a user has to exercise positive seeking behavior to get a
self-signed CA cert ...

Get a clue, please.

This is the first personal attack in this discussion. It has no place here. It
brings into question the rest of your contribution.

 The "any means except S/MIME" suggestion was intended
to demonstrate absurdity, not be taken seriously.

Nevertheless it is a good idea and I give you full credit. It wouldn't be the
first time someone thinking they were offering a straw man inadvertently
stumbled onto an insight. Since self-signed CA certs not meeting agreed trust
standards are an inherent opening for weakness, we should make that "opening"
in the system fail-safe via the standard. Positive seeking behavior is a way
to insure that the user can't accidentally foul up either through carelessness
or under the pressure of time. It must be the user's thoughtful act that
permits that, not a "push" followed by a possibly naive user simply going 

Judging by your e-mail address, don't you work for an organization that spends
a lot of time on the concept of fail-safe crypto and authentication systems?
Why not bring some of that flavor (appropriately tailored) to benefit this
group's work?

Do you have some local agenda involving self-signed CAs? If so, perhaps it is
worth discussing openly as part of the evolution of understanding of this 

"Positive seeking behavior" is a property of applications, not of

It is a property of users, if they have no alternative. The standard can be so
written as to preclude push CA certificates of unknown trustworthiness, and
thus require the user to obtain them exogenously.

Please discuss application design and security ergonomics somewhere
else - it is off-topic for the IETF S/MIME protocol working group.

Nice lateral arabesque. By redefining my suggestion away from inclusion in the
standard (where it CAN be included), you convert it to "application design and
security ergonomics", which in turn permits you to say "off topic." But as the
first response to my post, from the head of the IMC said, it is both apt and 


I think that if we take this "positive seeking behavior" idea
as a standards requirement to wall, it's wisdom becomes numbingly
clear. To really, really test the level-headedness and worthiness
of the user in his quest for the one true self-signed Certificate, 
I suggest that the user be required to solve a riddle, or he gets 
no Cert.

How about one like the following?

  "How old are your family of three?" asked the census taker.

  "Well, the product of their ages is 2450" said his friend the banker.

  The census taker looked wary; "Anything else?" he asked.

  "Altogether their ages total yours" said the banker.

  The census taker looked a lot more cheerful. "Ah!" he said, 
  scribbling a few notes, but then he paused, looked puzzled,
  then he entered into the spirit and asked: "Are they all 
  younger than you?"

  "Yes" said the banker.

  "Thank you very much" said the census taker, writing down 
  the ages of the family.

What were the ages of all FIVE (the census taker,
the banker, and his three family) people.

Happy New Year! :-)

Phillip H. Griffin         Griffin Consulting
asn1(_at_)mindspring(_dot_)com        ASN.1-SET-Java-Security
919.828.7114               1625 Glenwood Avenue
919.832.7008 [mail]        Raleigh, North Carolina 27608 USA

<Prev in Thread] Current Thread [Next in Thread>