
Re: PKIs and trust

2003-12-15 05:28:30
Franck Martin;

That you can construct a PK structure to represent a set of trust
relationships for some purpose does not mean that there is some
general purpose PKI.

There isn't.

That is, that you must construct a PK structure for every different
purpose is not a software issue but an operational problem too complex
and costly to be solvable.

Hmmm, we talked about some of it...

Maybe. However there are other reasons why PKI is hopeless.

The other two problems are:

        CAs of PKI, if any, are just as reliable as ISPs. That is,
        if you can just rely on CAs, you can just rely on ISPs that
        your communication is just secure. Otherwise, you must
        assume that your or your peer's CA, over which you have no
        control, is compromised. So, a virtual MitM in CAs
        between you and your peer is just as harmful as a MitM
        in ISPs between you and your peer.

        PKIs, if any, are not useful for authentication on consumable
        credential. The only merit of PK with CA over shared key with
        KDC is that no communication with CAs is necessary for every
        transaction. However, it means that there is no entity to check
        the amount of remaining credential. So, if an attacker has a
        certificate to be used for 1,000USD of transaction, the attacker
        can use the certificate for 1,000 seconds, 1,000 times a second,
        from 1,000 different locations, the total damage of which is
        1,000,000,000,000USD for personal benefit of the attacker or for
        economical terrorism to ruin the worldwide economy.

In short, CAs are intermediate intelligent entities not knowing
the precise current state of communications (e.g. remaining
credential) that introduction of such CAs is the direct violation
of the end to end principle.

So, PKI is even less hopeful than IPv6.

                                                        Masataka Ohta
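
The consumable-credential point in the message above, as an added example that is not part of the original post: a credential that relying parties verify offline is accepted at every one of them, while a KDC-like party consulted per transaction can enforce the remaining balance. All names here are hypothetical, and an HMAC tag stands in for the CA's signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: it stands in for the CA's signing key;
# with real certificates the relying party would hold only the CA public key.
CA_KEY = b"constructed-demo-key"

def issue(subject, limit_usd):
    """Issuer creates a credential: signed body carrying a spending limit."""
    body = f"{subject}|{limit_usd}".encode()
    return body, hmac.new(CA_KEY, body, hashlib.sha256).digest()

def offline_verify(cred, amount):
    """Everything a relying party can check without contacting the issuer."""
    body, tag = cred
    expected = hmac.new(CA_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                      # forged or altered credential
    limit = int(body.decode().split("|")[1])
    return amount <= limit                # per-transaction limit only

class OnlineAuthority:
    """KDC-like party consulted on every transaction; tracks what is left."""
    def __init__(self):
        self.remaining = {}

    def register(self, cred):
        subject, limit = cred[0].decode().split("|")
        self.remaining[subject] = int(limit)

    def authorize(self, cred, amount):
        if not offline_verify(cred, amount):
            return False
        subject = cred[0].decode().split("|")[0]
        if self.remaining.get(subject, 0) < amount:
            return False                  # credential already consumed
        self.remaining[subject] -= amount
        return True

def replay(cred, amount, relying_parties, authority=None):
    """Present the same credential to many relying parties; sum what is accepted."""
    total = 0
    for _ in range(relying_parties):
        ok = authority.authorize(cred, amount) if authority else offline_verify(cred, amount)
        total += amount if ok else 0
    return total
```

With a 1,000 USD credential presented to 1,000 relying parties, the offline path accepts 1,000,000 USD in total and the online path accepts 1,000 USD.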
