Hi Adam, > From: Adam Back <[EMAIL PROTECTED]> > Date: Fri, 30 Jul 2004 17:54:56 -0400 > To: Aram Perez <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED], Cryptography <[EMAIL PROTECTED]>, Adam > Back <[EMAIL PROTECTED]> > Subject: Re: should you trust CAs? (Re: dual-use digital signature > vulnerability) > > On Wed, Jul 28, 2004 at 10:00:01PM -0700, Aram Perez wrote: >> As far as I know, there is nothing in any standard or "good security >> practice" that says you can't multiple certificate for the same email >> address. If I'm willing to pay each time, Verisign will gladly issue me a >> certificate with my email, I can revoke it, and then pay for another >> certificate with the same email. I can repeat this until I'm bankrupt and >> Verisign will gladly accept my money. > > Yes but if you compare this with the CA having the private key, you > are going to notice that you revoked and issued a new key; also the CA > will have your revocation log to use in their defense. > > At minimum it is detectable by savy users who may notice that eg the > fingerprint for the key they have doesn't match with what someone else > had thought was their key. > >> I agree with Michael H. If you trust the CA to issue a cert, it's >> not that much more to trust them with generating the key pair. > > Its a big deal to let the CA generate your key pair. Key pairs should > be generated by the user.
>From a purely (and possibly dogmatic) cryptographic point of view, yes, key pairs should be generated by the user. But in the real world, as Ian G points out, where businesses are trying to minimize costs and maximize profits, it is very attractive to have the CA generate the key pair (and as Peter G pointed, delivers the pair securely), and issue a certificate at the same time. I hope you are not using a DOCSIS cable modem to connect to the Internet, because that is precisely what happened with the cable modem. A major well-known CA generated the key pair, issued the certificate and securely delivered them to the modem manufacturer. The modem manufacturer then injected the key pair and certificate into the modem and sold it. I guess you can say/argue that there is a difference between a "user key pair" and a "device key pair", and therefore, it can work for cable modems, but I don't how you feel/think/believe in this case. Until fairly recently, when smart card could finally generate their own key pairs, smart cards were delivered with key pairs that were generated outside the smart card and then injected into them for delivery to the end user. I'm not trying to change your mind, I'm just trying to point out how the real business world works, whether we security folks like it or not. Respectfully, Aram Perez --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]