Alfred Arsenault wrote:
-----Original Message-----
From: HORII Naoto [mailto:Naoto(_dot_)Horii(_at_)swift(_dot_)com]
Sent: Monday, February 07, 2000 1:33 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Problem for public CAs
Item 3 would typically be implemented by restricting the type of questions a
client can ask to the CA:
1) S/MIME certificates would be returned only if the subjectAltname is
unambiguously specified - e.g.
client: search certificate for
subjectAltname=lawsg(_at_)it(_dot_)postoffice(_dot_)co(_dot_)uk
server: OK, certificate=blah
client: search certificate for
subjectAltname=*(_at_)it(_dot_)postoffice(_dot_)co(_dot_)uk
server: ERROR, inavlid search key
For such a protection scheme to work, your directory server must obviously
be able to validate/
sanitize a search key against access rules - e.g. "no wildcards allowed in
search keys" - before
forwarding the search to your directory's backend engine.
<snip>
AWA: Of course, this doesn't work if you allow me an unlimited number of
queries to your directory. I'll just start with some of the more "obvious"
possibilities and work my way out; e.g.,
search for: certificate for smith(_at_)company(_dot_)com
certificate for jsmith(_at_)company(_dot_)com
certificate for smithj(_at_)company(_dot_)com
...
It's not real efficient, but hey, that's what computer programs are for. :-)
Sooner or later, I'll get a reasonable number of certs, and away I go. I'll
chew up a lot of network bandwidth and leave footprints all over your
directory, but if you let me search like this, it's worth it - if there's
money to be made in spamming, I don't care what it costs you for me to get
the addresses. :-)
My assumption, of course, is that it would be less expensive for a spammer to
just send
his/her mail via an open relay mail gateway to smith(_at_)company(_dot_)com,
smith(_at_)company(_dot_)com,
smithj(_at_)company(_dot_)com -- even if most of these addresses will be
invalid -- than to look up
digital certificates for these addresses before sending the mails.
It usually doesn't make sense for a spammer to use the target's certificate to
encrypt the
spam: doing so makes evey message unique and the spammer then loses the leverage
of being able to dispatch a mountain of e-mail by forwarding just a single copy
of the
mail to an open relay SMTP server together with a space-efficient recipient
address list.
For e-mail, I think the privacy concerns of having your e-mail address -- once
it's known --
easily mappable to a PKI certificate via a publicly accesible directory are
outweighed by the
benefit of allowing people to authemticate your mails or send you encrypted
data.
E-mail addresses are just one of the numerous coordinate points -- which
include e.g. mobile
and fax phone numbers, e-mail addresses, URLs, X.500 DNs... -- people can use
to sort of
locate you in an abstract digital space. IMHO these coordinate's connection
with the "real"
physical world in which you live can be made quite tenuous if you are careful
enough...
Are we straying more and more off-topic for this forum or what ;-)
Cheers,
Naoto