On 14 Feb, 2012, at 5:58 PM, Steven Bellovin wrote:
> The practical import is unclear, since there's (as far as is known) no
> way to predict or control who has a bad key.
>
> To me, the interesting question is how to distribute the results. That
> is, how can you safely tell people "you have a bad key", without letting
> bad guys probe your oracle. I suspect that the right way to do it is to
> require someone to sign a hash of a random challenge, thereby proving
> ownership of the private key, before you'll tell them if the
> corresponding public key is in your database.

Yeah, but if you're a bad guy, you can download the EFF's SSL Observatory and
just construct your own oracle. It's a lot like rainbow tables in that once you
learn the utility of the trick, you just replicate the results. If you
implement something like Certificate Transparency, you have an
authenticated database of authoritative data to replicate the oracle with.

Waving my hand and making software magically appear, I'd combine Certificate
Transparency and such an oracle, and compute the status of the key
as part of the certificate logs and proofs.

Jon
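
The challenge-response gate proposed in the quoted message, sketched as an added example that is not part of either author's message: the oracle answers a lookup only after the requester signs the hash of a fresh random challenge with the private key for the modulus being queried. The names `Oracle`, `make_key` and `sign` are hypothetical, the keys are constructed from Mersenne primes, and the unpadded RSA signature is a simplification (a deployed service would use a standard padded scheme such as RSASSA-PSS).

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the constructed toy keys

def make_key(p, q):
    """Return (modulus, private exponent) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(challenge):
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big")

def sign(challenge, n, d):
    """Key owner's side: sign the hash of the oracle's challenge."""
    return pow(digest(challenge), d, n)

class Oracle:
    def __init__(self, bad_moduli):
        self._bad = set(bad_moduli)
        self._pending = {}  # modulus -> outstanding challenge

    def challenge(self, n):
        self._pending[n] = secrets.token_bytes(32)
        return self._pending[n]

    def query(self, n, signature):
        """True/False only after proof of ownership; otherwise None."""
        c = self._pending.pop(n, None)  # single use, so no replay
        if c is None or not 0 < signature < n:
            return None
        if pow(signature, E, n) != digest(c):
            return None  # same refusal whether or not n is listed
        return n in self._bad

# Constructed keys built from Mersenne primes (toy values, not real-world keys).
BAD_N, BAD_D = make_key(2**521 - 1, 2**607 - 1)
GOOD_N, GOOD_D = make_key(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    oracle = Oracle({BAD_N})
    c = oracle.challenge(BAD_N)
    print("owner of listed key:", oracle.query(BAD_N, sign(c, BAD_N, BAD_D)))
    c = oracle.challenge(GOOD_N)
    print("owner of unlisted key:", oracle.query(GOOD_N, sign(c, GOOD_N, GOOD_D)))
    oracle.challenge(BAD_N)
    print("prober without the private key:", oracle.query(BAD_N, 12345))
```

The gate only controls what this one service reveals; it does not restrict anyone who holds their own copy of the public key data.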