
Re: Should IETF do more to fight computer crime?

2000-05-22 10:20:03
In message <0FUY002KBZ3DIG@cuimail.unige.ch>, Bertrand.Ibrahim@cui.unige.ch writes:
Steve Bellovin <smb@RESEARCH.ATT.COM> said:
I'm far from convinced, for example, that the LOVEBUG  virus would
have been prevented were all mail digitally signed, because  I
strongly suspect that the attack would have invoked a digital
signature API to generate digitally-signed copies of itself.

I would hope that any software I use, that is able to put my digital signature
on some data, would ask me for my pass-phrase every time my private key is 
used. I would even hope that such software wouldn't be able to use my private
key without the pass-phrase, otherwise anybody with access to my computer could
easily forge my signature.

If this requirement is not met, the digital signature has no value.

Yup...

More precisely -- in the Holy Name of Convenience, many (most?) mailers 
permit a passphrase to be cached for some amount of time.  A virus 
could exploit that.  Or it could wait until you tried sending some 
signed mail, and grab the key then.  It could even wait, and then pop 
up its own key window that masquerades as the real one, followed by a 
box saying that you entered your passphrase incorrectly, and that you 
should retry it, in the real prompt.  There are operating system 
techniques that can prevent that latter attack, such as the "trusted 
path".  But trusted path support is rare on UNIX systems, and though 
Windows NT does use it for login passwords, I haven't yet seen a secure 
NT mailer that uses it.  (Btw -- though there are security risks here, 
there are also security risks in using such technologies, since if it's 
too inconvenient to send secure email, there will be more sent in the 
clear.  That's a risk, too; pick your poison.)

It's for reasons like these that it has been said that conventional 
signatures are weakly bound to a document, but strongly bound to the 
individual, while digital signatures are strongly bound to a document 
but weakly bound to an individual.  A digital signature provides proof 
that a particular private key was used to produce it.  Just who 
employed that key is a separate question, and one that must be 
carefully evaluated when deciding how much weight to attach to the 
signature.

                --Steve Bellovin
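The passphrase-caching scenario from the exchange above, as an added example that is not part of the original thread: a small signing agent with two policies, one that keeps a confirmation valid for a cache window and one that asks the user for every signature. The `Agent`, `Policy` and `RunScenario` names, the `confirm` callback standing in for the passphrase prompt (which a real system would reach through a trusted path), and the sample messages are all constructed for this illustration. It uses Go's standard `crypto/ed25519`, and the last field of the result shows the point made at the end of the message: a signature produced inside the cache window verifies exactly as well as one the user approved, because verification proves only which key was used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// ErrNotAuthorized is returned when the user did not approve a signing request.
var ErrNotAuthorized = errors.New("signing request not authorized by the user")

// Policy says how long one confirmation stays valid. A zero TTL means the
// user must approve every individual signature.
type Policy struct {
	CacheTTL time.Duration
}

// Agent guards the private key. confirm stands in for the passphrase prompt
// (hypothetical; a real agent would reach the user through a trusted path).
type Agent struct {
	priv     ed25519.PrivateKey
	policy   Policy
	confirm  func(requester string, msg []byte) bool
	now      func() time.Time
	unlocked time.Time // when the user last approved a request
}

func NewAgent(policy Policy, confirm func(string, []byte) bool, now func() time.Time) (*Agent, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Agent{priv: priv, policy: policy, confirm: confirm, now: now}, pub, nil
}

// Sign releases a signature if the cache window is still open, or if the user
// approves this specific request. Otherwise the private key is never touched.
func (a *Agent) Sign(requester string, msg []byte) ([]byte, error) {
	t := a.now()
	cached := a.policy.CacheTTL > 0 && !a.unlocked.IsZero() && t.Sub(a.unlocked) < a.policy.CacheTTL
	if !cached {
		if !a.confirm(requester, msg) {
			return nil, ErrNotAuthorized
		}
		a.unlocked = t
	}
	return ed25519.Sign(a.priv, msg), nil
}

// Result records what happened in one scenario.
type Result struct {
	UserMailSigned        bool // the message the user explicitly approved
	BackgroundSigned      bool // a request the user never saw
	BackgroundSigVerifies bool // whether that unseen signature still verifies
}

// RunScenario plays the sequence under discussion: the user signs one mail,
// then an unattended process asks for a signature 30 seconds later.
func RunScenario(policy Policy) (Result, error) {
	clock := time.Date(2000, 5, 22, 10, 20, 0, 0, time.UTC) // constructed clock
	now := func() time.Time { return clock }

	// The simulated user approves only requests from the mailer they are
	// interacting with; any other requester is refused at the prompt.
	confirm := func(requester string, _ []byte) bool { return requester == "mailer" }

	agent, pub, err := NewAgent(policy, confirm, now)
	if err != nil {
		return Result{}, err
	}
	var res Result

	userMail := []byte("From: user\nSubject: hello\n\nconstructed sample message")
	if _, err := agent.Sign("mailer", userMail); err == nil {
		res.UserMailSigned = true
	}

	clock = clock.Add(30 * time.Second)
	unattended := []byte("constructed sample: data the user never reviewed")
	sig, err := agent.Sign("background-process", unattended)
	if err == nil {
		res.BackgroundSigned = true
		// Verification proves which key was used, not who approved its use.
		res.BackgroundSigVerifies = ed25519.Verify(pub, unattended, sig)
	}
	return res, nil
}

func main() {
	for _, p := range []Policy{{CacheTTL: 5 * time.Minute}, {CacheTTL: 0}} {
		r, err := RunScenario(p)
		if err != nil {
			panic(err)
		}
		fmt.Printf("cache TTL %v: %+v\n", p.CacheTTL, r)
	}
}
```

With a five-minute cache the unattended request is signed and verifies; with a zero TTL it is refused at the prompt, which is the per-use confirmation Bertrand asks for. The trade-off Steve notes remains: the second policy prompts on every message, and the cost of that inconvenience is paid in mail that gets sent unsigned instead.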