At 07:07 PM 7/24/2004, Peter Gutmann wrote:
A depressing number of CAs generate the private key themselves and mail out to
the client.  This is another type of PoP, the CA knows the client has the
private key because they've generated it for them.

one could claim that there might be two possible useage scenarios, involving two different thread models: encryption and authentication.

from a business standpoint the encryption of corporate data (especially data at rest .... which might include some of the corporate jewels) can represent single point of failures ... if private key is required for the recovery of corporate jewels and the private key isn't reliably replicated (to avoid single points of failure); then there is a serious, corporate, overriding availability threat.

the claim can be made that the trade-off for authentication and digital signature would result in no escrow or replication of private key .... since the overriding threat model is a) impersonation and/or b) not being able to reliably attribute certain actions to specific people.

the assertion here is possible threat model confusion when the same exact technology is used for two significantly different business purposes.

.... in general, no key escrow or no key replication is frequently bad in the encryption business process scenario

... while no key escrow or no key replication is good in the authentication/digital signature business process scenario.

a problem arises when the business purpose uses of the public/private key pair isn't sufficiently described ... leading to confusion (and/or the same public/private key pair are used for different business processes with possibly conflicting threat models).

Anne & Lynn Wheeler

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to