
Re: [isdf] RE: Palladium (TCP/MS)

2002-10-28 08:28:09
On Sat, 26 Oct 2002 09:38:50 +1200, Franck Martin said:

> The question of a global PKI is to remove anonymity. You can trace back
> to a real person (legal person) from the certificate. Who can offer

No. You can trace back to the fact that the signed data was at the same
place as the private key, at the same time.  It most certainly does *not*
prove that a given person intentionally signed it.

I want you to think about how many people have had things mailed out because
they've gotten an email-based worm - and then think about the fact that the
FBI *seriously* considered something called Green Lantern.  Then think about
how lax security has to be on the average to have Green Lantern actually work.

The designers of Curious Yellow (http://blanu.net/curious_yellow.html) have
some thoughts regarding worms and PKI, which you might want to read - and
consider that said worms do nothing that an attacker can't do on a one-off
basis.

I'll bet there's at least a dozen different ways to code a malicious webpage
that contains Javascript that will download a file, sign it on the victim's
PC, and upload it back to the server. No, I don't know of any, but anybody
who watches Bugtraq probably goes *yawn* at the discovery of *another* browser
hole or cross-site scripting exploit (and note that the latter can possibly
be abused as well...)

An amazing number of people never even notice they're mailing out tons of
attachments.  But let's assume the user actually notices, and realizes their
key may be compromised (and the average user will *NOT* correlate "worm" with
"compromised key")....

You get lots of bonus points for designing a PKI that's able to issue a new key
and a CRL for the old one every time somebody gets bit by Klez or *any other*
worm that mails out attachments - unless you can *prove* the attachment wasn't
your key, you need a new one.  The 4 Mirapoints on our mail hub are fast
closing in on *5 million* trapped viruses.  And we're one relatively small
site, with only 60K mailboxes. Extrapolate to 600 million mail users. That
makes for massive churn on the CRL...

There's a subtle difference between the average PKI and credit cards too -
if I *lose* my credit card, it's easy to cancel - but a lot of fraud doesn't
surface till I get my bill weeks later.  That's OK, because I can protest the
fraudulent transactions and agree to pay the legitimate part of the bill.
The average PKI has a hard time dealing with this sort of thing - even if it's
able to deal with "we got hacked 3 weeks ago and just found out", there's very
fundamental issues with what to do with the 95% of transactions since then.
Any sane PKI scheme will insist that everything in the last 3 weeks be invalid
and needs to be redone.  Good luck doing THAT, especially if the goods and
money have already been exchanged in the 95% good transactions....

> that? What has to be done? This is my question...

First off, you need a PKI that *guarantees* that this never happens:

http://www.cert.org/advisories/CA-2001-04.html

Then you need to consider that we're averaging a CERT advisory *A WEEK*
so far this century.

Right now, saying "it has a digital signature, therefore the person signed it"
is like saying "we didn't see the driver, but because this pickup truck hit
somebody, the owner did the hit and run" when the defense has a dozen witnesses
that will testify that the defendant habitually left the keys in the 
ignition....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
