pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Unique DNs (was Re: PEM Test Service)

1993-02-24 13:32:00
from [Carl Ellison] [Permanent Link] 
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 2001,MIC-CLEAR
Originator-Name: cme(_at_)ellisun(_dot_)sw(_dot_)stratus(_dot_)com
Originator-Key-Asymmetric:
 MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO
 Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD
 XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP
 9oHjo+pCJC+lAgMBAAF=
MIC-Info: RSA-MD5,RSA,
 ED6gKMkk4+esDY6JuVyyWEnQfdwH5TS2J3IVjjeByeZvUxSfSLbeGPXcyLdnCmJ7
 cylozrOZKXzIZlhnyPNa/chDBXhVDcJg6MKQZwn65/vSCeOmkIdhdJ41Ccne5QEB
 FiWte35UlqJ+3gATDkRStV8/YmR3855KMXnr71+0Tsg=



Message-Id: <9302241959(_dot_)AA21161(_at_)TIS(_dot_)COM>
Subject: Re: Unique DNs (was Re: PEM Test Service) 
Date: Wed, 24 Feb 93 14:58:56 -0500



      Since a person's public key is guaranteed unique (or there's a
      serious flaw in the key generation algorithm), I fail to see why
      the DN portion of the [DN,key] pair needs to be unique.

There is absolutely nothing that suggests let only guarantees that a
public key is unique.



The quality of the unpredictable (I purposely avoided random) value used
to initiate generation of a public/private key pair is paramount, but
not sufficient to prevent duplicates.  After all, there is nothing to
prevent two independent machines from independently generating for use
the same unpredictable start value!


Not to nit pick, but my "or there's a serious flaw in the key generation
algorithm" was speaking to this possibility.

If truly random numbers are used, there is a chance for two people to
generate the same key, but it's unlikely enough that I would consider it
impossible.  (eg., 1 chance in 2^1024).

If non-random numbers are used and two people generate the same key,
then the key generation algorithm is flawed by definition and needs to be
fixed before anything else is done.

 - Carl

 - <<Disclaimer: All opinions expressed are my own, of course.>>
 - Carl Ellison                                        
cme(_at_)sw(_dot_)stratus(_dot_)com
 - Stratus Computer Inc.       M3-2-BKW                TEL: (508)460-2783
 - 55 Fairbanks Boulevard ; Marlborough MA 01752-1298  FAX: (508)624-7488
-----END PRIVACY-ENHANCED MESSAGE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ["Joyce K. Reynolds": RFC1424 on Key Certification and Related Services], Einar Stefferud
Next by Date:  Re: PEM Test Service, Robert W. Shirey
Previous by Thread:  Re: Unique DNs (was Re: PEM Test Service), Peter Yee
Next by Thread:  Re: Unique DNs, Carl Ellison
Indexes:  [Date] [Thread] [Top] [All Lists]