Hi Gang,

In a class I was in today a statement was made that there is no way that anyone could present someone else's digital signature as their own because no one has their private key to sign it with. This was in the context of a CA certificate which had it inside. I tried to suggest that there might be scenarios that could accomplish this but was told "impossible." Not being totally clear on all the methods that bind the digital signature to an identity I let it be; however, the "impossible" mantra got me to thinking about it and wondering what vectors might make this possible.

Validating a digital signature requires getting the public key from some source, like a CA, or a publicly accessible database and decrypting the signature to validate that the private key associated with the public key created the digital signature, or "open message."

Which led me to the thought of trust in the repository for the public key. Here in the USA, there is a long history of behind the scenes "cooperation" by various large companies with the forces of the law, like the wiretap in the AT&T wire room, etc.

What is to prevent this from happening at a CA and it not being known for a lengthy period of time? Jurors have been suborned for political reasons, why not CAs? Would you, could you trust a CA based in a country with a low ethics standard or a low regard for human rights?

Which led me to the thought that if it is possible, what could be done to reduce the risk of it happening?

It occurred to me that perhaps some variation of "separation of duties" like two CAs located in different political environments might be used to accomplish this by having each cross-signing the certificate so that the compromise of one CA would trigger an invalid certificate. This might work if the compromise of the CA happened *after* the original certificate was issued, but what if the compromise was long standing? Is there any way to accomplish this?

Thoughts?

Best to all,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
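
The two-CA idea raised in the message above, as an added example that is not part of the original post: a relying party pins two CA keys and accepts a name-to-key binding only when both have signed it. Ed25519 and the simplified binding (not X.509), along with all names and keys, are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Binding is what a CA vouches for: this subject name owns this public key.
type Binding struct {
	Subject string
	Key     ed25519.PublicKey
}

// bytes gives the message both CAs sign (NUL separates name from key).
func (b Binding) bytes() []byte { return append([]byte(b.Subject+"\x00"), b.Key...) }

// DualCert carries one signature per CA over the same binding.
type DualCert struct {
	Binding    Binding
	SigA, SigB []byte
}

// Verify accepts the binding only if BOTH pinned CA keys signed it.
func Verify(c DualCert, caA, caB ed25519.PublicKey) bool {
	m := c.Binding.bytes()
	return ed25519.Verify(caA, m, c.SigA) && ed25519.Verify(caB, m, c.SigB)
}

// Scenario (constructed keys and names): is each of three certs accepted?
func Scenario() (honest, oneCA, bothCAs bool) {
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	bPub, bPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, _, _ := ed25519.GenerateKey(rand.Reader)
	fakePub, _, _ := ed25519.GenerateKey(rand.Reader) // key held by the impersonator
	genuine := Binding{"alice@example.org", alicePub}
	good := DualCert{genuine, ed25519.Sign(aPriv, genuine.bytes()), ed25519.Sign(bPriv, genuine.bytes())}
	forged := Binding{"alice@example.org", fakePub}
	// CA A is coerced and signs; CA B's signature can only be copied from the genuine cert.
	partial := DualCert{forged, ed25519.Sign(aPriv, forged.bytes()), good.SigB}
	// Both CAs coerced: the scheme has nothing left to detect.
	full := DualCert{forged, partial.SigA, ed25519.Sign(bPriv, forged.bytes())}
	return Verify(good, aPub, bPub), Verify(partial, aPub, bPub), Verify(full, aPub, bPub)
}

func main() {
	fmt.Println(Scenario()) // true false true
}
```

The check only helps while the relying party's pinned copies of both CA keys are themselves authentic and at least one CA refuses to sign the forged binding.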
