Ed Gerck wrote:
 > Depends on your use. An X.509 identity cert or a PGP cert
> can be made as secure as you wish to pay for. The real
> question, however, that is addressed by the paper is
> how useful are they in terms of email security? How do
> you compare them and which one or which product to choose
> from? What are the trade-offs?

i've periodically written on security proportional to risk ... small sample
http://www.garlic.com/~lynn/2001h.html#61

then the issue is what security are you interested in and what are the
threat models and corresponding countermeasures.

in the security pain model

P .. privacy
A .. authentication
I .. integrity
N .. non-repudiation

you may need authentication and integrity (say from digital signature)
but not necessarily privacy/confidentiality.

in normal ongoing email, there is a lot of repeated stuff and/or
out-of-band stuff ... that makes certificates redundant and superfluous
... they are targeted at the letters of credit/introduction paradigm
from the sailing ship days. certificates basically are representations
of some certifying process performed by a certification authority. the
integrity and security of the certificate itself may have absolutely
nothing to do with the integrity and security of the certification
business process ... minor drift in sci.crypt
http://www.garlic.com/~lynn/2005u.html#9 PGP Lame question

furthermore, the whole complexity and series of processes involved in a
PKI-based infrastructure may have the certificates themselves totally
redundant and superfluous because the recipient has numerous other
indicators that they know who it is that they are dealing with. the
introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
recipient to trust the PKI operation more than they trust their own,
direct knowledge ... and the PKI operation opens up more avenues of
compromise for the attackers.

... there is even a slightly related article that i ran across yesterday:

An Invitation to Steal; The more you automate your critical business
processes, the more vigilant you need to be about protecting against
fraud
http://www.cio.com.au/index.php/id;1031341633;fp;4;fpid;18

.....

the other issue in digital signature based operation is that it is a
part of 3-factor authentication
http://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are

where the fundamental linchpin for the whole operation is the protection
and confidentiality of the private key. unfortuantely almost all digital
signature operations tend to talk about the integrity and security of
the PKI operation and its certificates ... when they should be talking
about the integrity and security of the private keys and the
integrity and security of the digital signing environment.

i've sporadically gone so far as to assert that the focus on the
integrity and security of PKI and certificates results in obfuscating
the fundamental integrity and security issues with private keys and
digital signing environments (aka long before anybody is talking about
the integrity of the certificates ... they should have resolved that the
private keys are only available in hardware tokens of known and specific
integrity characteristics).

The whole PKI and certificate operation having a design point of
resolving first time interaction between complete strangers (as in the
letters of credit/introduction paradigm from sailing ship days) and
should come after the basic underlying infrastructure isssues involving
trusted communication between two entities has first been resolved
(whether it is first time communication between complete strangers or
not ... which then can be layered on top of a sound infrastructure that
has its fundamental operations already resolved).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to