Jim,
> I fail to see how this vulnerability does not exist for any
> implementation of any security service?
Currently TIS/PEM uses a single bit to tell the program to bypass a
validation check, and this bit is located in the user's certificate
cache, right? The point is that this bit is not secure, so it is
possible, and relatively simple, for someone to change that bit in
your certificate cache. So, for example, I could add a key to your
database that contains a bogus key, and set the validation bit, and
TIS/PEM will happily report a valid key.
The point that Ted, and others, are trying to make is that it is much
more secure if that bit is cryptographically secure! So, how do you
make that bit cryptographically secure? You make it into a signature!
Therefore this same attacker cannot go into your database and add a
new key, since they have to have access to your secret key in order to
create a signature to validate that key!
> If my certificate is one end of every certificate chain, I fail to see
> how stopping at the certificate before mine (by checking the "magic bit"
> as you say) is any different than stopping at my certificate? In fact,
> I believe the former would allow the validation process to complete more
> quickly, and thus might be regarded as an enhancement.
It is different because you have the secret key that corresponds to
your public key, whereas you do not have the secret key corresponding
to any other public key. This means that you can test the validity of
your key by signing something and verifying that signature. This
being done, you can then verify your signature on the keys in your
certificate cache, and so on.
> I fail to see how our implementation does not meet this criterion?
> Certificates are public information that can be moved around freely and
> "easily" verified by anyone receiving them. Feel free to pass around
> the "self-verifying" certificates from the TIS/PEM database.
Oh, you meet the criterion of public keys being public information.
The problem is that your implementation requires that the public
certificate cache be secure, which in most any distributed system is a
bad assumption. I bring up again my NFS example of a couple of days ago.
I hope this clears up some of your qualms.
-derek
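The two cache designs argued about above, side by side, as an added example that is not TIS/PEM code and was not written by anyone in this thread. It uses Ed25519 from Go's standard library as the signature scheme (an assumption; the argument holds for any signature scheme, including whatever TIS/PEM actually used), generates throwaway key pairs at run time, and the entry name "jim" is a hypothetical label. The "bit cache" is the design Derek criticises: a validated flag that anyone who can write the cache file can set. The "signed cache" is the design he proposes: each entry is signed with the owner's secret key, the owner first confirms that key by signing and verifying a fresh challenge, and lookups return a key only if the owner's signature over it verifies. An attacker who can write the cache but lacks the owner's secret key can still fool the first design and cannot fool the second.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// entry is one line of a user's certificate cache: a name, the public key
// asserted for it, and whatever the cache uses to record "already validated".
type entry struct {
	Name      string
	Key       ed25519.PublicKey
	Validated bool   // the plain "magic bit" of the design under discussion
	Sig       []byte // owner's signature over (Name, Key) in the signed design
}

// bitCache trusts a flag that anyone able to write the cache can set.
type bitCache struct{ entries []entry }

func (c *bitCache) add(name string, key ed25519.PublicKey, validated bool) {
	c.entries = append(c.entries, entry{Name: name, Key: key, Validated: validated})
}

func (c *bitCache) lookup(name string) (ed25519.PublicKey, error) {
	for _, e := range c.entries {
		if e.Name == name && e.Validated {
			return e.Key, nil
		}
	}
	return nil, errors.New("no validated key for " + name)
}

// signedCache binds every entry to the owner's secret key: an entry counts as
// validated only if the owner's signature over (Name, Key) verifies.
type signedCache struct {
	ownerPub ed25519.PublicKey
	entries  []entry
}

// record is the byte string the owner signs; the length prefix keeps two
// different (name, key) pairs from encoding to the same message.
func record(name string, key ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(name)))
	b.WriteString(name)
	b.Write(key)
	return b.Bytes()
}

// validate is what the owner does after checking a certificate chain: sign
// the entry with the owner's secret key and store the signature beside it.
func (c *signedCache) validate(priv ed25519.PrivateKey, name string, key ed25519.PublicKey) {
	c.entries = append(c.entries, entry{Name: name, Key: key, Sig: ed25519.Sign(priv, record(name, key))})
}

// lookup returns a key only if the owner's signature on its entry verifies;
// a bad or missing signature is treated the same as no entry at all.
func (c *signedCache) lookup(name string) (ed25519.PublicKey, error) {
	for _, e := range c.entries {
		if e.Name == name && ed25519.Verify(c.ownerPub, record(e.Name, e.Key), e.Sig) {
			return e.Key, nil
		}
	}
	return nil, errors.New("no validly signed key for " + name)
}

// selfTest is the first step the message describes: confirm the secret key on
// hand matches the public key by signing a fresh challenge and verifying it.
func selfTest(priv ed25519.PrivateKey, pub ed25519.PublicKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	return ed25519.Verify(pub, challenge, ed25519.Sign(priv, challenge))
}

// attack plays the scenario from the message against both designs: someone
// who can write the cache but lacks the owner's secret key adds a bogus key
// for "jim" (a hypothetical name). It reports which cache accepted it.
func attack() (bitAccepted, signedAccepted bool, err error) {
	ownerPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	bogusPub, bogusPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	bc := &bitCache{}
	bc.add("jim", bogusPub, true) // just set the bit
	_, bitErr := bc.lookup("jim")

	sc := &signedCache{ownerPub: ownerPub}
	// The best the attacker can do is sign with a key that is not the owner's.
	sc.entries = append(sc.entries, entry{Name: "jim", Key: bogusPub,
		Sig: ed25519.Sign(bogusPriv, record("jim", bogusPub))})
	_, sigErr := sc.lookup("jim")
	return bitErr == nil, sigErr == nil, nil
}

func main() {
	b, s, err := attack()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("bit cache accepted bogus key: %v\nsigned cache accepted bogus key: %v\n", b, s)
}
```

The signed cache still needs the owner's secret key kept private, which is the one assumption the message says is reasonable; nothing else on disk has to be protected from writes, so the NFS-style exposure Derek refers to no longer lets an attacker plant a trusted key.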