Ed Gerck wrote: > Depends on your use. An X.509 identity cert or a PGP cert > can be made as secure as you wish to pay for. The real > question, however, that is addressed by the paper is > how useful are they in terms of email security? How do > you compare them and which one or which product to choose > from? What are the trade-offs?
i've periodically written on security proportional to risk ... small sample http://www.garlic.com/~lynn/2001h.html#61 then the issue is what security are you interested in and what are the threat models and corresponding countermeasures. in the security pain model P .. privacy A .. authentication I .. integrity N .. non-repudiation you may need authentication and integrity (say from digital signature) but not necessarily privacy/confidentiality. in normal ongoing email, there is a lot of repeated stuff and/or out-of-band stuff ... that makes certificates redundant and superfluous ... they are targeted at the letters of credit/introduction paradigm from the sailing ship days. certificates basically are representations of some certifying process performed by a certification authority. the integrity and security of the certificate itself may have absolutely nothing to do with the integrity and security of the certification business process ... minor drift in sci.crypt http://www.garlic.com/~lynn/2005u.html#9 PGP Lame question furthermore, the whole complexity and series of processes involved in a PKI-based infrastructure may have the certificates themselves totally redundant and superfluous because the recipient has numerous other indicators that they know who it is that they are dealing with. the introductioin of PKI and certificates in such an environment may actually create greater vulnerabilities ... since it may convince the recipient to trust the PKI operation more than they trust their own, direct knowledge ... and the PKI operation opens up more avenues of compromise for the attackers. ... there is even a slightly related article that i ran across yesterday: An Invitation to Steal; The more you automate your critical business processes, the more vigilant you need to be about protecting against fraud http://www.cio.com.au/index.php/id;1031341633;fp;4;fpid;18 ..... the other issue in digital signature based operation is that it is a part of 3-factor authentication http://www.garlic.com/~lynn/subpubkey.html#3factor * something you have * something you know * something you are where the fundamental linchpin for the whole operation is the protection and confidentiality of the private key. unfortuantely almost all digital signature operations tend to talk about the integrity and security of the PKI operation and its certificates ... when they should be talking about the integrity and security of the private keys and the integrity and security of the digital signing environment. i've sporadically gone so far as to assert that the focus on the integrity and security of PKI and certificates results in obfuscating the fundamental integrity and security issues with private keys and digital signing environments (aka long before anybody is talking about the integrity of the certificates ... they should have resolved that the private keys are only available in hardware tokens of known and specific integrity characteristics). The whole PKI and certificate operation having a design point of resolving first time interaction between complete strangers (as in the letters of credit/introduction paradigm from sailing ship days) and should come after the basic underlying infrastructure isssues involving trusted communication between two entities has first been resolved (whether it is first time communication between complete strangers or not ... which then can be layered on top of a sound infrastructure that has its fundamental operations already resolved). --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]