John Saylor wrote:
> as i understand it, the problem here was that credentials were issued by
> an untrustworthy agent. you can have this scenario both online and off.
> how does being online solve the problem of a compromised issuing
> authority?

the justification for having offline credentials typically has been because 1) the technology isn't available for doing an online infrastructure for accessing the real data or 2) the value of the operation doesn't justify the cost & expense of having a real online infrastructure.

the statement was that most modern day infrastructures have gone to real online operations where the real information is accessed rather than substitute offline credential .... this transition has been 1) the online technology to access the real information is becoming more ubiquitous, 2) the cost of doing online access to the real information has been dropping, 3) many of the security sensitive infrastructures realize that they now can easily justify any incremental expense of full online operation (including the additional benefits of being able to analyze activity across multiple sequences of security related events ... rather than each individual security event occurring in offline isolation purely based on the contents of the offline credential).

I've frequently explained the analogy that offline credentials are basically a read-only cache of the real information stored in a repository some place. they are a direct analogy (modulo possibly the read-only characteristics) of distributed cpu cache/memory, distributed databases, ... any kind of distributed operation where specific activities go on referencing in isolation the local read-only copy.

so if you physically compare direct access operation to the real information (including the ability to have a global view of operations across individual events and be able to re-act and correct in real time) ... vis-a-vis offline, isolated, distributed operation involving the copies .... there are a significantly larger number of places that directly touch the distributed read-only copies which can possibly result in undetected corruption (compared to direct accesses to the real information).

it isn't that there aren't touch points that can corrupt the real information ... it is just that there possibly are several orders of magnitude fewer touch points that can corrupt the real information.

in a PKI, certification authority operations ...

1) the "real information" is the authoritative agency responsible for the actual information.
2) typically a certification authority then will create its own repository operation duplicating the real information
3) it creates a certificate containing some subset of the real information which is relatively freely released to the world.

the issue is that in the real repository #1 and possibly any certification authority's shadow #2, the possible value of criminal corruption of the real information is a lot higher ... but there tends to be a significantly larger number of security countermeasures against there being any sort of corruption. the individual certificate copies released into the wild tend to have much fewer countermeasures and a much larger number of infrastructure attack points.

in the case of the original ... the information is either correct or it is not correct. in the offline credential copy ... the offline credential copy can 1) be a copy of incorrect information (from the original) or 2) possibly be one of many counterfeit copies containing fraudulent information.

so the online infrastructure is not concerned about there being counterfeit copies of the information or fictitious counterfeits (of information that doesn't even exist at the original) ... because copies don't exist. online infrastructure, however is concerned about valid authentication and the counterfeiting of valid authentication information. i contend that this is a much narrower exposure than the exposure of having generalized counterfeit information floating around random locations in the infrastructure.

furthermore, the online infrastructure has much greater capability for tracking and potentially recognizing counterfeit authentication operation and furthermore, being able to react to it in real time.

So somewhat after I was making statements about online infrastructure having much fewer and narrower corruption points, having more capability for recognizing compromises (being able to analyze patterns across multiple security related events) and doing real-time re-acting ... there started appearing things like OCSP.

However, i claim that if you can do a real-time, online operation ... you are incurring the majority of the expense of doing a real-time, online operation ... and therefore you would have much higher integrity simply transitioning to a real-time, online operation ... and eliminate the offline information that is floating around out in the wild.

slightly related recent posting regarding sanity check about whether you have a fundamental online system or a fundamental offline system ... and if you have a fundamental online system ... then it is trivial to show that digital certificates are redundant and superfluous in a fundamental online system, and if you can show digital certificates are redundant and superfluous in a fundamental online system ... then you can also show that certification authorities and PKI are also redundant and superfluous.

http://www.garlic.com/~lynn/2005n.html#33 X509 digital certificate for offline situation
http://www.garlic.com/~lynn/2005n.html#43 X509 digital certificate for offline situation

aka ... fundamentally digital certificates were designed to specifically address the offline situation. frequently the use of digital certificates in online situations is contrived and results in being able to trivially show that they are redundant and superfluous.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
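
An added illustration of the argument in the message above, not part of the original post: a toy relying party that accepts a signed offline copy versus one that consults the authoritative record, run against a stale copy and against a copy minted by a compromised issuer. The record layout, names and keys are constructed, and HMAC stands in for the issuer's signature as an assumption to keep the example standard-library only.

```python
import hashlib
import hmac
import json

# Assumption: HMAC stands in for the issuer's signature so the example needs
# only the standard library; all keys and records are constructed.
ISSUER_KEY = b"constructed-issuer-key"
REPOSITORY = {  # the "real information" held by the authoritative party
    "alice": {"pubkey": "PK-ALICE", "status": "active"},
    "bob": {"pubkey": "PK-BOB", "status": "active"},
}

def sign(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def issue_credential(subject, pubkey, key=ISSUER_KEY):
    """Whoever holds the issuing key can mint a read-only copy of any claim."""
    body = json.dumps({"subject": subject, "pubkey": pubkey}, sort_keys=True)
    return {"body": body, "sig": sign(body, key)}

def offline_accept(cred, presented_pubkey):
    """Offline relying party: sees only the credential, never the repository."""
    if not hmac.compare_digest(sign(cred["body"], ISSUER_KEY), cred["sig"]):
        return False
    return json.loads(cred["body"])["pubkey"] == presented_pubkey

def online_accept(subject, presented_pubkey, repo):
    """Online relying party: checks the key on file in the real record."""
    rec = repo.get(subject)
    return bool(rec) and rec["status"] == "active" and rec["pubkey"] == presented_pubkey

def compare():
    """Return {case: (offline_result, online_result)} for four scenarios."""
    repo = {name: dict(rec) for name, rec in REPOSITORY.items()}
    alice, bob = issue_credential("alice", "PK-ALICE"), issue_credential("bob", "PK-BOB")
    repo["bob"]["status"] = "suspended"  # real record changes after issuance
    # Compromised issuer: validly signed copy of a record that does not exist.
    ghost = issue_credential("mallory", "PK-MALLORY")
    # Counterfeit made without the issuing key fails the signature check.
    forged = issue_credential("carol", "PK-CAROL", key=b"not-the-issuer-key")
    return {
        "valid": (offline_accept(alice, "PK-ALICE"), online_accept("alice", "PK-ALICE", repo)),
        "stale_copy": (offline_accept(bob, "PK-BOB"), online_accept("bob", "PK-BOB", repo)),
        "fictitious": (offline_accept(ghost, "PK-MALLORY"), online_accept("mallory", "PK-MALLORY", repo)),
        "forged_sig": (offline_accept(forged, "PK-CAROL"), online_accept("carol", "PK-CAROL", repo)),
    }

if __name__ == "__main__":
    for case, (offline, online) in compare().items():
        print(f"{case:11} offline={offline!s:5} online={online}")
```

The two rows where the results differ are the stale copy and the fictitious record: both carry a valid issuer signature, so only the lookup against the real record rejects them.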
