Re: PKIs and trust

At 6:08 +0900 12/16/03, Masataka Ohta wrote:
> Stephen Kent;
>
> I'm having a feeling that you call a set of software/hardware
> to handle certs a PKI.
no, there is a lot more to a PKI than hardware and software.

> > > The problem for such PKI is that, if we have certs based on
> > > existing trust (e.g. I trust some organization have an authority
> > > to issue passports) relationships, we can exchange shared secret
> > > using the relationships that we don't need any public keys.
> > In principle, yes, but in practice it is preferable to use public 
> > keys for a variety of security reasons,
> In practice, I see no security reason not to use shared key
> cryptography. See below about the practice of the cases
> you choose (passports, frequent traveller cards, etc.)
>
> > not to mention the existence of a lot of software that can make use 
> > of certs and public keys.
> I'm afraid you are saying we should have PKI because we have PKI.
why do we use browsers to access many databases where other 
mechanisms might be more appropriate? because we all have "free" 
browsers, users and developers are comfortable with the paradigm, ...
> > > > This is what happens in the physical world with most physical 
> > > > credentials: passports, frequent traveller cards, etc.
> > >
> > > Our trust relationships in these cases are so strong that we
> > > can be delivered not only PINs (shared secret) but also physical
> > > credentials.
> >
> > Yes, but it is cheaper to issue credentials in the form of certs 
> > and avoid postage and related physical credential costs.
> In all (passports and frequent traveller cards) cases, it is
> required that applicants physically contact authorities.
True for an initial contact for a passport, not for renewal. When I 
referred to frequent traveller cards I had in mind the 
airline/hotel/car rental frequent traveller programs to which I 
belong, not credentials that get me through security with less 
examination.  (Although my frequent flyer cards DO get me into 
shorter lines in many airports.)
> In Japan, and maybe in other countries, use of material mail is
> inevitable to get passport, because it is the way to confirm the
> addresses of applicant.
The address of an applicant is not even printed on a US passport. It 
is not part of what the U.S. Department of State attests to when 
issuing a passport.
> One can pick up frequent travellor cards, at least paper ones, at
> airport.
I can get my form of frequent traveller card via a web interaction, 
with no physical presence!
> > Also, PINs are meant to be remembered by users and thus are mire 
> > vulnerable to guessing than key pairs. So we have to put into place 
> > attack monitoring and response schemes, e.g., locking down an 
> > account after N bad login attempts, which creates DoS 
> > opportunities! So there are many reasons to prefer PKI here, 
> > although there are downsides too.
> Here, we are talking about physical credentials optionally accompanied
> by PINs. So, long PINs may be securely stored in the physical
> credentials (maybe with additional short PINs to activate the physical
> credentials, which is also the case for devices storing secret keys of
> public key cryptography). DoS is to steal the physical credentials.
I think we are talking about different use models. If I have a 
frequent flyer account with web access, and if someone tries to break 
in by guessing my PIN, the airline will have to shut down the account 
after some small number of tries, to prevent an effective guessing 
attack. This denies ME access, and it imposes costs for the airline, 
because I may have to make a toll free call to someone to cause my 
account to be reactivated.  That is a DoS attack that could be 
avoided if we used crypto keys for auth.
> > > The next question is, does a, two or millions of PKIs worth having?
> > >
> > > I don't think they do.
> > I don't know how many we need. But, when I look in my travel bag I 
> > see about 30+ paper and plastic credentials, all of which could be 
> > turned into certs under the right circumstances, without creating 
> > new "trusted" organizations,
> I think we can, at least, agree that we need no "new trusted
> organizations" or commercial CAs.
agreed!

> > and with the benefit of greater security and less bulk (bits are 
> > thin and light weight!).
> That you have paper and plastic credentials means that you don't
> need much security.
not really. I rarely uses most of those credentials today. They are 
largely replaced by web accesses where knowledge of the account 
number and a PIN provides the authentication that used to be inferred 
by physical possession of the card.
> That you have an IC card containing 30+ secret keys activated with
> a short PIN does not mean so much security. How do you think about
> an IC card erases all the secret information after N bad PINs, which
> creates DoS opportunities?
I am not too worried about physical security for a crypto hardware 
token, because I am careful to not lose such tokens, just like I am, 
careful to not lose physical (paper/plastic) cards today. The 
advantage to using crypto for authentication is that the keys are 
longer and more random than PINs, and I don't have to remember all of 
them. The advantage to using public key crypto is that I can employ 
existing PKI features in browsers for authentication AND I don't have 
to worry that sloppy security procedures at the web sites will 
disclose private keys that could be used to impersonate me.
Steve