From: sead(_at_)dsv(_dot_)su(_dot_)se
Subject: Boss and Secretary: Alternative Solution
1. "Boss and secretary (R. Jueneman)
Some time ago R. Jueneman has requested "boss and
secretary" arrangement in the PEM system, i.e. to separate
encryption/decryption from signature capabilities.
2. Potential Solution (S. Crocker)
S. Crocker replied with the suggestion to introduce TWO
PAIRS OF RSA KEYS for that purpose. He also gave a sketch
of the new key management scheme.
3. Analysis (S. Muftic)
S. Muftic (me) doesn't like the Steve's proposal because:
a. the approach "two purposes --- two key pairs" will take
us to the principle "more purposes --- even more key pairs",
b. name subordination is not followed, since the boss is the issuer
of his own certificate !
c. certificate management, especially CRL management, is not
clear in the new scheme, (expected to be even more complicated
than the current solution).
4. Alternative solution:
Seems to me that current PEM RFCs have already the
possibility to solve Jueneman's request in quite an elegant
way: The idea is to use SYMMETRIC KEY MANAGEMENT to
distribute keys for ENCRYPTED letters (those that might be
also read by a secretary) and to use CERTIFICATES to send
EXTREMELY private letters (to be read only by the boss). In
this way:
a. we separate enc/dec from signing,
b. we have two types of private letters ("group" and
"personal"), and
c. we don't re-engineer PEM.
5. Improvements
The proposed solution may be even further improved: the boss
defines the (symmetric) master key to be used for receiving
ENCRYPTED letters, but using the THRESHOLD scheme. If the
scheme is 1-out-of-2 (the boss and secretary), then the
secretary may read ALL letters, without boss'es further
approval. However, the boss may define k-out-of-n scheme
and in that case he may give himself the right to approve
reading of encrypted letters.
6. PEM Key Management
The boss defines the (symmetric) master key (SYMM-KEY) for
the enc/dec function, keeps it locally in his DB. The type
of the threshold scheme is the local matter. For
distribution to potential senders, the boss encrypts the
SYMM-KEY with senders' certificates, and then:
(a) forwards immediately to each potential sender
(new PEM letter type: SYMM-KEY DISTRIBUTION) or
(b) stores it in a local DB for replies to the (new type
of the) PEM letter: SYMM-KEY REQUEST, which is
replied with the same type of the PEM letter as with
immediate distribution.
----------------------------------------------------------------
Sead Muftic Tel: +46-8-16 16 92
COST Computer Security Technologies Fax: +46-8-739-1839
Stockholm, Sweden E-mail:
sead(_at_)dsv(_dot_)su(_dot_)se
!