From: TCJones(_at_)dockmaster(_dot_)ncsc(_dot_)mil
To: pem-dev(_at_)tis(_dot_)com
Cc: ietf(_at_)byu(_dot_)edu
"Donald E. Eastlake 3rd (Beast)" <dee at SKIDROW.TAY.DEC.COM> said:
How is this any different from the Real World? When you get an order
from someone, how do you know that they aren't bankrupt or about to run
off with the goods or about to withdrawal all their money from their
bank account or, if they purport to be the agent for some business, that
they are still authorized? The answer is that you don't and there are
plenty of scams for which it is very difficult to get redress through
the legal system. Somehow the world survives.
- - -
I'm glad to see that you brought this up since it relates to an issue
that is often ignored in these security sessions. All business have
something called an accounts receivable department whose primary goal is
the prevention of just the sort of attacks that you seem to feel cannot
be defended against. They all have a communications link to some credit
Their job is to REDUCE such attacks. Paticularly with a for-profit
business, the costs and benefits of various levels of paranoia in this
area can be determined with moderate objectivity. PERFECT defense
against such attacks is clearly impossible.
reporting system. For a security system to fit within the business
Yes, all businesses of reasonable size have some sort of "link" to
something like a credit reporting system. In most cases, it is an
ordinary unsecure phone line subject to taps and diversions on their
premises, at their local connection to the phone system, at the phone
company central office where a hacker could temporarily cause the
calls to be call forwarded to an accomplice, etc., etc., etc.
community, it must support business needs and practices. Neither PEM
nor PGP has ever included, as a design goal, support for these types of
activities. As electronic commerce starts to grow, those communities
Both PGP and PEM could do so to the level of security of normal
business practice, in any case they wanted to, by simply including a
phone number in the name of the signing entity when the signing entity
is a well known certification service.
have chosen to develop their own security protocols. As a practical
point, that seems to be an indictment of both email security protocols
as insufficient for business communications. Snail mail has found ways
to support business communications, and only survives because of the
huge volume of business mail.
Snail mail is a good example, perhaps. How exactly do you claim it
supports this comm link to credit reporting other than by printing
phone numbers on the paper being shipped?
But we digress, the question was whether secure communications were
required to support certificates. My point is solely that without
The answer being, of course not. Certificates are designed to avoid
the need for secure comm links. But the question you are looking into
is different from the question you state. The question you are
looking into is more like "can pefect security be achieved". Again,
of course the answer is no.
secure communications, the party that is seeking to acquire trust cannot
do it with PEM and CRLs unless that party can be assured that no CRL has
been issued prior to the issuing of the message. Now you can argue
This can be viewed purely as a matter of policy. The real problem is
the policy that a certificate is instantneously revokable. That's not
how things work in the real world. If I generate credentials for a
person and then decide to revoke them, I can still be bound by them
well after the decision to revoke.
sufficiency, or diminishing returns, or any other value argument that
you wish, but to be absolutely sure that the certificate was valid at
the time when the message was signed, requires a secure communications
protocol. Note that this does not need to be an encryption protocol,
but it must be secure from alteration, spoofing and denial of service
attacks.
Since there exist no communications protocols resistent to all denial
of service attacks, its clear that no one can ever be absoluely sure
that a revocable certificate is valid.
Peace ..Tom
Donald