On Sat, 26 Oct 2002 09:38:50 +1200, Franck Martin said:

> The question of a global PKI is to remove anonymity. You can trace back
> to a real person (legal person) from the certificate. Who can offer

No. You can trace back to the fact that the signed data was at the same place as the private key, at the same time. It most certainly does *not* prove that a given person intentionally signed it.

I want you to think about how many people have had things mailed out because they've gotten an email-based worm - and then think about the fact that the FBI *seriously* considered something called Green Lantern. Then think about how lax security has to be on the average to have Green Lantern actually work.

The designers of Curious Yellow (http://blanu.net/curious_yellow.html) have some thoughts regarding worms and PKI, which you might want to read - and consider that said worms do nothing that an attacker can't do on a one-off basis.

I'll bet there's at least a dozen different ways to code a malicious webpage that contains Javascript that will download a file, sign it on the victim's PC, and upload it back to the server. No, I don't know of any, but anybody who watches Bugtraq probably goes *yawn* at the discovery of *another* browser hole or cross-site scripting exploit (and note that the latter can possibly be abused as well...)

An amazing number of people never even notice they're mailing out tons of attachments. But let's assume the user actually notices, and realizes their key may be compromised (and the average user will *NOT* correlate "worm" with "compromised key")....

You get lots of bonus points for designing a PKI that's able to issue a new key and a CRL for the old one every time somebody gets bit by Klez or *any other* worm that mails out attachments - unless you can *prove* the attachment wasn't your key, you need a new one. The 4 Mirapoints on our mail hub are fast closing in on *5 million* trapped viruses. And we're one relatively small site, with only 60K mailboxes. Extrapolate to 600 million mail users. That makes for massive churn on the CRL...

There's a subtle difference between the average PKI and credit cards too - if I *lose* my credit card, it's easy to cancel - but a lot of fraud doesn't surface till I get my bill weeks later. That's OK, because I can protest the fraudulent transactions and agree to pay the legitimate part of the bill.

The average PKI has a hard time dealing with this sort of thing - even if it's able to deal with "we got hacked 3 weeks ago and just found out", there's very fundamental issues with what to do with the 95% of transactions since then. Any sane PKI scheme will insist that everything in the last 3 weeks be invalid and needs to be redone. Good luck doing THAT, especially if the goods and money have already been exchanged in the 95% good transactions....

> that? What has to be done? This is my question...

First off, you need a PKI that *guarantees* that this never happens:

http://www.cert.org/advisories/CA-2001-04.html

Then you need to consider that we're averaging a CERT advisory *A WEEK* so far this century.

Right now, saying "it has a digital signature, therefore the person signed it" is like saying "we didn't see the driver, but because this pickup truck hit somebody, the owner did the hit and run" when the defense has a dozen witnesses that will testify that the defendant habitually left the keys in the ignition....

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
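
The "hacked 3 weeks ago and just found out" case from the message above, as an added example that is not part of the original post: a relying party sorts already-verified signatures by comparing each signing time with a revocation entry that carries both a revocation date and an earlier invalidity date (the fields an X.509 CRL entry can hold). The class names, serial numbers, dates and the three labels are constructed for illustration, and signing times are assumed to come from a trusted timestamp rather than from the signer.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Revocation:            # hypothetical model of one CRL entry
    serial: str
    revocation_date: datetime                   # when the CA listed the key
    invalidity_date: Optional[datetime] = None  # when exposure is believed to have begun

@dataclass(frozen=True)
class SignedTx:              # hypothetical record of a signature that verified
    tx_id: str
    serial: str              # certificate whose key made the signature
    signed_at: datetime      # assumption: taken from a trusted timestamp

def classify(tx, crl):
    """Return 'accepted', 'disputed' or 'rejected' for one transaction."""
    entry = crl.get(tx.serial)
    if entry is None:
        return "accepted"    # key is not listed as revoked
    exposed_from = entry.invalidity_date or entry.revocation_date
    if tx.signed_at < exposed_from:
        return "accepted"    # signed before the believed compromise
    if tx.signed_at < entry.revocation_date:
        # Signed while the key was exposed but still looked valid to every
        # verifier: the window the message says has to be redone.
        return "disputed"
    return "rejected"        # signed after the CRL already listed the key

# Constructed sample data: compromise found three weeks after it happened.
REVOKED_AT = datetime(2002, 10, 26, 9, 0)
CRL = {"0A1B": Revocation("0A1B", REVOKED_AT, REVOKED_AT - timedelta(weeks=3))}
TXS = [
    SignedTx("t1", "0A1B", REVOKED_AT - timedelta(weeks=5)),
    SignedTx("t2", "0A1B", REVOKED_AT - timedelta(weeks=2)),
    SignedTx("t3", "0A1B", REVOKED_AT + timedelta(days=1)),
    SignedTx("t4", "FFEE", REVOKED_AT - timedelta(weeks=2)),
]

def report(txs=TXS, crl=CRL):
    """Map each transaction id to its classification."""
    return {tx.tx_id: classify(tx, crl) for tx in txs}

if __name__ == "__main__":
    print(report())
```

Without an invalidity date the "disputed" class is empty, and every signature made during the undetected window is accepted.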