Kevin,
Your questions were not at all unreasonable, and some people
could use a lesson in manners.
I gather from your email address that you are with the Utah Court system. I have talked with Alan Assay from that organization, and know that the Utah court system is one of the most advanced in the country from the standpoint of supporting and encouraging electronic filings and pleadings in real court cases. Obviously you have a considerable interest in privacy (to protect both the plaintiff's and the defendant's rights), and a compelling need for digital signatures to confirm the authenticity of the messages. Along with the Quebec Board of Notaries, which has set up a system for electronically filing real property transactions that are legally binding under the Quebec civil notary tradition, I would say that you are on the very cutting edge of applications of this technology.
I will therefore attempt to answer some of your questions as best I can.
1. Do you know of any products that are currently on the market? If
so, do you know how I can get a hold of them?
There are several public domain programs, including the PEM reference model
developed by Trusted Information Systems. MIT and others have been developing
implementations for noncommercial use, and several European vendors are
developing commercial versions for sale. I'm sure that vendors will contact you
directly, but at present I am not aware of any implementations that I would
consider to be of commercial quality, ready to use out of the box.
A possible exception would be the Apple Open Collaboration Environment (AOCE)
capability which is distributed in System 7 Pro. But it doesn't directly support
PEM or any other protocol, although it does allow a wide variety of objects
to be digitally signed and validated.
2. I have read the RFCs containing the standards, but is there any standard about how keys will be kept and managed? For example, would I be able to have many different programs generate keys, and have my version of PEM be able to keep one central database of keys? Also, how do I collect public keys from 20 different programs and put them on one ring?
No, the PEM RFCs do not specify how keys are to be stored or protected.
That is considered a "local matter". Most implementations are storing them
on floppy disk, encrypted using some sort of a password scheme. Smart card
implementations are highly desirable in this environment, but are not yet
available.
Most PEM implementations allow the user to generate his own public/private key pair, and then physically take that combination to the Certification Authority to be certified. Hopefully the CA will require that the user demonstrate that he knows the corresponding private key by actually signing something, but since that act might compromise his private key he would be well advised to do this on a laptop or other machine under his own control.
Your question about collecting public keys from 20 programs and putting them on one ring is a bit confusing. The PEM standard makes use of X.509 certificates to distribute public keys, but it does not dictate how they should be stored locally. Ultimately it is expected that the X.509 certificates will be made available via a distributed X.500 directory, but none are available in that format that I am aware of. As a temporary expedient, it is expected that users will include their own certificates and those of their CA and PCA in their outgoing messages, and that the recipients will cache them locally, "somehow".
You might also have been enquiring how the public keys for a variety of PCAs and/or CAs can be entered into the user's local cache of trusted root keys, given the fact that the IPRA is not yet up and running, that some users may prefer to operate "island" PCAs until all of the policy issues are worked out, and that there is another world out there that is interested in digital signatures but is not particularly oriented around PEM. That would also be a very fair question, but unfortunately there aren't any very good answers. Most implementations presently hard code the root key of their favorite PCA, but you should ask the various vendors that question directly.
3. In what direction is PEM heading now? I have heard that DES can be cracked fairly easily if you have the right equipment. If this is true, does anyone have any sources for this information? Are developers still planning to use DES to encrypt messages and their digests or are they looking at other methods (such as ideakey)?
I perceive that your question is really, "What is the Public Key Infrastructure for the United States and the world eventually going to look like?" This is an OUTSTANDING question, and one which I believe that Vice President Gore may have to address personally if he wishes the National Information Infrastructure (data highways) initiative to succeed. At the recent EDI conference in New York, one speaker put up a chart showing all of the various standards and other initiatives that were going on in this area. In the center of the chart, like a hole in a doughnut, there was a circle labelled something like "Public/Private Policy Direction". Unfortunately, there isn't any coherent public policy as yet, nor much guidance from the private sector either.
CCITT (now the ITU) and their standards bodies are slowly, painfully, evolving the architecture for X.400 and X.500, including X.509. ANSI X9F1 is doing some excellent work in developing standards for authorization certificates. The US government is continuing to push CLIPPER/Capstone/Skipjack/Mosaic/Tessera for the Defense Message System. Meanwhile, the two killer applications that could really make this technology take off, namely a universal health care card and/or electronic filing of digitally signed income tax returns, really haven't addressed this issue yet, at least in public.
At the public policy level, of course, there is a very strong belief by some that any encryption scheme stronger than 40 bit RC2 or RC4 is unacceptable, unless the keys are escrowed. This view is roundly rejected by most of the known universe (Dorothy Denning excepted), but so far to no avail. And others have concluded that something on the order of triple-DES is needed, but of course only for the good guys. Theoretical papers have been written which conclude that a pipelined key-cracking engine could be built for several millions or tens of millions of dollars, but saying it and actually doing it are two different things. I believe that the PEM community and others should put this issue on the table and propose more advanced schemes for the next iteration of the architecture, but the export issue will remain a show-stopper until and unless it is addressed by the very highest level of the US Government. (Or at least by Hillary. :-)
All this advice and a dime will get you a cup of coffee, of course. (Actually, the price for a cup of coffee delivered to your room in New York is $9.50, but you get my drift.) There aren't any easy answers, and your questions were right on target. Keep 'em coming!
Bob Jueneman