[Top] [All Lists]

Re: Problem for public CAs

2000-02-08 02:41:45

Alfred Arsenault wrote:

-----Original Message-----
From: HORII Naoto [mailto:Naoto(_dot_)Horii(_at_)swift(_dot_)com]
Sent: Monday, February 07, 2000 1:33 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Problem for public CAs

Item 3 would typically be implemented by restricting the type of questions a
client can ask to the CA:

1) S/MIME certificates would be returned only if the subjectAltname is
unambiguously specified - e.g.

client: search certificate for 
server: OK, certificate=blah

client: search certificate for 
server: ERROR, inavlid search key

For such a protection scheme to work, your directory server must obviously
be able to validate/
sanitize a search key against access rules - e.g. "no wildcards allowed in
search keys" - before
forwarding the search to your directory's backend engine.


AWA: Of course, this doesn't work if you allow me an unlimited number of
queries to your directory.  I'll just start with some of the more "obvious"
possibilities and work my way out; e.g.,

        search for:  certificate for smith(_at_)company(_dot_)com
                       certificate for jsmith(_at_)company(_dot_)com
                         certificate for smithj(_at_)company(_dot_)com

It's not real efficient, but hey, that's what computer programs are for. :-)
Sooner or later, I'll get a reasonable number of certs, and away I go.  I'll
chew up a lot of network bandwidth and leave footprints all over your
directory, but if you let me search like this, it's worth it - if there's
money to be made in spamming, I don't care what it costs you for me to get
the addresses. :-)

My assumption, of course, is that it would be less expensive for a spammer to 
just send
his/her mail via an open relay mail gateway to smith(_at_)company(_dot_)com, 
smithj(_at_)company(_dot_)com -- even if most of these addresses will be 
invalid -- than to look up
digital certificates for these addresses before sending the mails.

It usually doesn't make sense for a spammer to use the target's certificate to 
encrypt the
spam: doing so makes evey message unique and the spammer then loses the leverage
of being able to dispatch a mountain of e-mail by forwarding just a single copy 
of the
mail to an open relay SMTP server together with a space-efficient recipient 
address list.

For e-mail, I think the privacy concerns of having your e-mail address -- once 
it's known --
easily mappable to a PKI certificate via a publicly accesible directory are 
outweighed by the
benefit of allowing people to authemticate your mails or send you encrypted 
E-mail addresses are just one of the numerous coordinate points  -- which 
include e.g. mobile
and fax phone numbers, e-mail addresses, URLs, X.500 DNs... -- people can use 
to sort of
locate you in an abstract digital space.  IMHO these coordinate's connection 
with the "real"
physical world in which you live can be made quite tenuous if you are careful 

Are we straying more and more off-topic for this forum or what ;-)


<Prev in Thread] Current Thread [Next in Thread>