Re: Need objective arguments against double certificate

2005-06-17 Thread Goetz Babin-Ebell

Hello coco,

coco coco wrote:


> User's keys are escrowed in a central database, completely separated
> from the application system (physically and logically, on a remote site).
> The escrow database is encrypted with two keys (double encryption,
> one on top of another). The two keys are kept in USB tokens, separately,
> then they are kept in a safe at a trusted third-party (e.g. a bank). The
> 2 tokens are kept at two totally different banks. The policy is that
> no single person should have access to both tokens at the same time. It
> requires at least two dedicated officers to get both tokens.


This looks like a shared secret.
Perhaps you should do it that way.

In your actual method you need all parties to be active.
So you are hosed if one key gets lost.

A real shared secret model would be able to
allow an n of m implementation:
From a group of m participants you need at least
n individuals to access the data.

If you really only want two keys,
you can use the simplest encryption method of all: XOR:

1. KEY1 = true random data with length of real data
2. KEY2 = KEY1 XOR real data

simple and really really fast.

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many




RE: Need objective arguments against double certificate

2005-06-17 Thread Brant Thomsen
The exchange below actually reflects what I think is the strongest argument
against the proposed design change.  Successful businesses always prefer
what works to something new or innovative.  With security, that tendency
should be even stronger, since an architecture can only be considered
secure after it is widely known and many experts have unsuccessfully tried
to discover weaknesses with it.

I would ask the consultant for a list of other organizations (preferably
where he/she did not influence the design) that use the proposed model.  The
model used by organizations that require the strongest security, such as
banking and the military, is the one your organization should adopt if you
want to convince customers that you provide the same level of security.
Claiming you have something better is an automatic red flag to any
potential customers with even minimal security experience.

Brant Thomsen
Sr. Software Engineer
Wavelink Corporation

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of coco coco
> Sent: Thursday, June 16, 2005 9:20 PM
> To: openssl-users@openssl.org
> Subject: RE: Need objective arguments against double certificate
>
> > > Please help to fill in items that I might have missed :)
> >
> > The security risk that this non-standard scheme might introduce an
> > unforeseen vulnerability. This is, IMO, as likely as that it will protect
> > against some unforeseen vulnerability -- the alleged reason for
> > the scheme.
>
> Hehe, I was trying really hard to put this issue into some tangible
> numbers :)
>
> There is always security risk related to the design, to the implementation,
> to the administration, etc. From all the books/sources I've learned
> crypto and security (including topics on information system auditing
> and assurance, information security risk assessment), I couldn't find
> any systematic methodology to estimate this. Everyone is talking
> about it in bulleted items, kinda subjective.
>
> This seems to come only with experience, and learn the hard
> way after screwing up a couple of times, or something.
>
> I don't know, I'm working on estimating the potential consequences
> of a security breach.  But this is way beyond my
> knowledge/experience/expertise.
> And this is really on a case by case basis, no book can teach
> me that, I guess.
>
> thanks


__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]



Re: Need objective arguments against double certificate

2005-06-17 Thread Victor Duchovni
On Fri, Jun 17, 2005 at 08:21:41AM -0600, Brant Thomsen wrote:

> The exchange below actually reflects what I think is the strongest argument
> against the proposed design change.  Successful businesses always prefer
> what works to something new or innovative.  With security, that tendency
> should be even stronger, since an architecture can only be considered
> secure after it is widely known and many experts have unsuccessfully tried
> to discover weaknesses with it.
>
> I would ask the consultant for a list of other organizations (preferably
> where he/she did not influence the design) that use the proposed model.  The
> model used by organizations that require the strongest security, such as
> banking and the military, is the one your organization should adopt if you
> want to convince customers that you provide the same level of security.
> Claiming you have something better is an automatic red flag to any
> potential customers with even minimal security experience.
 

The problem is that the consultant is *trying* to recommend a standard
best-practice, but he/she is getting it dreadfully wrong, by confusing
certificates with keys. People often say certificate when they mean
key (keys are free, but certificates cost money), but in this case
the distinction really matters.

-- 
Viktor.


RE: Need objective arguments against double certificate

2005-06-16 Thread David Schwartz

> Thanks all for replying. More heated debates I guess.

How can there be a heated debate when there is not yet one argument
advanced in favor of the double certificate scheme?

DS




Re: Need objective arguments against double certificate

2005-06-16 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Tue, 14 Jun 2005 00:14:54 -1000, coco coco [EMAIL PROTECTED] said:

coconut_to_go> We called it bullshit, and were having a hot debate,
coconut_to_go> most people (the technical people) are opposed to that,
coconut_to_go> saying that there is nothing secure about this scheme.
coconut_to_go> If you want to separate the signature key from the
coconut_to_go> encryption key, you should have 2 keys, and not one key
coconut_to_go> with 2 certificates.  This does not make any sense.

Like everyone else, I say this consultant doesn't know what he's
talking about (I'm tempted to ask you to tell me who it is, so I can
avoid him/her).  Can I suggest a different line of attack, though?
It's obvious that confronting the consultant by calling bull doesn't
win you any points, so how about simply asking the consultant how,
exactly, the double certificate scheme increases security.  And do not
let yourself be satisfied with a half ass answer.

coconut_to_go> The CEO said he trusts the security expert, and if we
coconut_to_go> want to change that, we need to come up with better
coconut_to_go> arguments than that.

I'd ask the CEO up front on what grounds he trusts that consultant.

coconut_to_go> But the annoying thing is, the 2 certificates do not
coconut_to_go> even specify usage attributes correctly. And our
coconut_to_go> security expert said it does not matter, we (the
coconut_to_go> programmers) have to figure that out, which cert is
coconut_to_go> used for signature and which one is used for encryption.

This is just further proof that consultant doesn't know squat what he
or she is talking about.

Cheers,
Richard

-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up.
-- C.S. Lewis


RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco

> > Thanks all for replying. More heated debates I guess.
>
> How can there be a heated debate when there is not yet one argument
> advanced in favor of the double certificate scheme?



I got what you meant, sorry for not being clear. I meant there will be more
heated debate between us (the tech people) and the consultant, I didn't
mean heated debate on this list.



Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco


> Like everyone else, I say this consultant doesn't know what he's
> talking about (I'm tempted to ask you to tell me who it is, so I can
> avoid him/her).  Can I suggest a different line of attack, though?
> It's obvious that confronting the consultant by calling bull doesn't
> win you any points, so how about simply asking the consultant how,
> exactly, the double certificate scheme increases security.  And do not
> let yourself be satisfied with a half ass answer.



Hmm, I wouldn't name names, I'm just a little guy in all this. And if
I can, I would have used my real name on this list already.

I'm not the one presenting the arguments, I'm preparing those
behind the scene for our group leader. I'm working on a spreadsheet
calculator on how the cost add up for supporting non-standard
scheme. This includes:

- cost for extra development (code change to support double-cert,
debugging, extra bugs filed related to this scheme, ...)
- cost for extra testing
- cost for extra certificate, given that there will be 5000+ users using
the system
- cost for extra management (time difference between loading standard
certificate into USB token, and creating double-cert and load them into the
token)
- extra cost for managing extra tool
- extra cost for managing certificates in this scheme, as the validity
period of the 2 certs are not synced
- extra cost incurred by users, as they have to remember which cert will
expire when (This is not a strong one though, as we can easily add an
extra function into the system to notify the user and admin that a specific
cert is going to expire, and when...)
- ... other smaller misc ones

Please help to fill in items that I might have missed :)



> I'd ask the CEO up front on what grounds he trusts that consultant.


Heh, he got a phd in CS, specializing in crypto and system security :)
according to what I heard. But I don't think he has ever coded anything,
but we have agreed between us that we will never attack on personal
ground. Keep it cool, so no one ever mentioned anything on this.


> coconut_to_go> But the annoying thing is, the 2 certificates do not
> coconut_to_go> even specify usage attributes correctly. And our
> coconut_to_go> security expert said it does not matter, we (the
> coconut_to_go> programmers) have to figure that out, which cert is
> coconut_to_go> used for signature and which one is used for encryption.
>
> This is just further proof that consultant doesn't know squat what he
> or she is talking about.



After a while, I noticed my arguments against this scheme got lost in the
noisy room, and it kinda stuck in there as personal thinking, and not
scientific. That's why I'm posting on the list if someone could provide
a hint on a more scientific comparison of security analysis model
(or security attack model) on the two different schemes (double cert
vs standard single cert, with key separation if needed).

I'm building an attack model, based on attack tree, expanding out
into different routes of attacks, ... the attack tree diagram covers about
30 pages, and I'm having difficulties presenting in a short and cool
ppt to the management team. Besides, I got a gut feeling that something
is missing, but don't know what. I'm a programmer by profession
(and like it that way), learning crypto and security by myself, just
by interest. So I'm not sure I have fully grasped the best practice
of security analysis.

This exercise is trying to show that there is nothing more secure
with double-cert scheme. And if it can actually show that double-cert
scheme is more secure, then I would've learned something too.

Problem is, it involves certain details of the project, so it is not
possible to show it to the public and ask for advice. And frankly, asking blank
question like that would be difficult for the gurus on the list to
answer too.

Thanks all.

coco



Re: Need objective arguments against double certificate

2005-06-16 Thread david
Like the commentator, I'm also a little guy.  In my case, I'm a retired guy 
who got his intro to this stuff from Entrust.  I got convinced that their 
two (or more) -certificate solution was right, based upon the following:


If you are an employee in an organization, it is valid for the organization 
to have access to your DATA but not your IDENTITY should you get run over 
by a bus or tsunami.  Two certificates, where the ENCRYPTION certificate's 
private key is kept by the organization is thus a valid idea.  This is 
sometimes called Key Escrow, Key Recovery, etc.  However, the organization 
never has a legitimate reason to sign on your behalf.  Two certificates 
with different keys allow for this distinction.  It also allows you, the 
employee, to reclaim old encrypted material when you lose the key.


Furthermore, when the police knock down your door (as is increasingly 
possible in the US) and demand your encryption key so they can scan your 
computer, you can still keep your identity-proving key private, because one 
assumes they would have no reason to manufacture new data signed by you.


Please note that having two certificates doesn't imply key escrow, it just 
allows for it to happen when appropriate.  Yet, it allows for a separation 
of confidentiality and identity proof.


David Kurn


Re: Need objective arguments against double certificate

2005-06-16 Thread Victor Duchovni
On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:

> Like the commentator, I'm also a little guy.  In my case, I'm a retired guy
> who got his intro to this stuff from Entrust.  I got convinced that their
> two (or more) -certificate solution was right, based upon the following:

You say (loosely) two certificates, but you really mean two key pairs
with a corresponding certificate for each public key. Two certificates
for the same key (signing cert vs. encryption cert) are snake oil at
best.

-- 
Viktor.


RE: Need objective arguments against double certificate

2005-06-16 Thread David Schwartz

> Please help to fill in items that I might have missed :)

The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.

DS




Re: Need objective arguments against double certificate

2005-06-16 Thread david
Yes, Viktor... you are right.  Two certificates with the same keys is ... as you say


One of these days, I'll figure out how to write what I really mean, instead 
of assuming that all readers have the same context as I do.


And that retirement was (how shall I put it) ... non-voluntary.



At 07:20 PM 6/16/2005, you wrote:

> On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:
>
> > Like the commentator, I'm also a little guy.  In my case, I'm a retired guy
> > who got his intro to this stuff from Entrust.  I got convinced that their
> > two (or more) -certificate solution was right, based upon the following:
>
> You say (loosely) two certificates, but you really mean two key pairs
> with a corresponding certificate for each public key. Two certificates
> for the same key (signing cert vs. encryption cert) are snake oil at
> best.
>
> --
> Viktor.


RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco

> > Please help to fill in items that I might have missed :)
>
> The security risk that this non-standard scheme might introduce an
> unforeseen vulnerability. This is, IMO, as likely as that it will protect
> against some unforeseen vulnerability -- the alleged reason for the scheme.



Hehe, I was trying really hard to put this issue into some tangible
numbers :)

There is always security risk related to the design, to the implementation,
to the administration, etc. From all the books/sources I've learned
crypto and security (including topics on information system auditing
and assurance, information security risk assessment), I couldn't find
any systematic methodology to estimate this. Everyone is talking
about it in bulleted items, kinda subjective.

This seems to come only with experience, and learn the hard
way after screwing up a couple of times, or something.

I don't know, I'm working on estimating the potential consequences
of a security breach.  But this is way beyond my
knowledge/experience/expertise.
And this is really on a case by case basis, no book can teach
me that, I guess.

thanks



Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco


> Like the commentator, I'm also a little guy.  In my case, I'm a retired guy
> who got his intro to this stuff from Entrust.  I got convinced that their
> two (or more) -certificate solution was right, based upon the following:
>
> If you are an employee in an organization, it is valid for the organization
> to have access to your DATA but not your IDENTITY should you get run over
> by a bus or tsunami.  Two certificates, where the ENCRYPTION certificate's
> private key is kept by the organization is thus a valid idea.  This is
> sometimes called Key Escrow, Key Recovery, etc.  However, the organization
> never has a legitimate reason to sign on your behalf.  Two certificates
> with different keys allow for this distinction.  It also allows you, the
> employee, to reclaim old encrypted material when you lose the key.
>
> Furthermore, when the police knock down your door (as is increasingly
> possible in the US) and demand your encryption key so they can scan your
> computer, you can still keep your identity-proving key private, because one
> assumes they would have no reason to manufacture new data signed by you.
>
> Please note that having two certificates doesn't imply key escrow, it just
> allows for it to happen when appropriate.  Yet, it allows for a separation
> of confidentiality and identity proof.




Well, actually, key escrow was designed in the system from the beginning.
For a shameless plug, this scheme is designed by myself. I'm giving
a brief description here, so you guys can help to see if that makes
sense.

User's keys are escrowed in a central database, completely separated
from the application system (physically and logically, on a remote site).
The escrow database is encrypted with two keys (double encryption,
one on top of another). The two keys are kept in USB tokens, separately,
then they are kept in a safe at a trusted third-party (e.g. a bank). The
2 tokens are kept at two totally different banks. The policy is that
no single person should have access to both tokens at the same time. It
requires at least two dedicated officers to get both tokens.

There is an option too: In order to get both keys, both officers must
have a dedicated third-party witness (e.g. a well-known law firm). But
we are still evaluating if this option is really needed. This seems to be
more of policy management issue than technical issue.

The password to the token is kept with the token, in the safe at
the trusted third-party.

The issue seems to be with re-encryption of the escrow database.
For example, if the algo is found to be broken, or if the key length
is not enough anymore, then we would need to create new keys
and re-encrypt the thing.  This is left as open for now.

That's it.

Yeah, I know, you have not seen the implementation, so not fair
to say if that's ok or not. This project is for a government agency,
which handles very sensitive data.

Sorry, this is getting into some non-sense unrelated to openssl.
I'll stop here :)

coco



Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco


> I thought the problem was that you were using the same keypair
> for encryption and signing.  So that there really is only one key.



I know, the key escrow was designed when the requirements were
only for encryption only. Digital signature requirement was added when
the consultant got on board. So, it was not really part of the original
plan. We have not redesigned the escrow scheme, as we have
not really resolved this double-cert thingy.

Yeah, I agree with you, if we are using the same key with 2 certs,
the escrow becomes the main attack target.

thanks

coco



Re: Need objective arguments against double certificate

2005-06-16 Thread Joshua Juran

On Jun 16, 2005, at 11:47 PM, coco coco wrote:


> For a shameless plug, this scheme is designed by myself. I'm giving
> a brief description here, so you guys can help to see if that makes
> sense.

[snip]

> Yeah, I know, you have not seen the implementation, so not fair
> to say if that's ok or not. This project is for a government agency,
> which handles very sensitive data.


Then perhaps your company should hire a security expert to design the 
security.  Defects in portability or performance are low-risk and 
easily detected, and the cost scales with the time until a patch is 
deployed.  Security vulnerabilities are much more tricky and expensive 
to detect and the damage may happen all at once, making them very 
high-risk.


I understand several of the OpenSSL development team are available for 
consulting.


Josh

--
Joshua Juran
Metamage Software Creations - Mac Software and Consulting
http://www.metamage.com/

   * Creation at the highest state of the art *




Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco


> Then perhaps your company should hire a security expert to design the
> security.  Defects in portability or performance are low-risk and easily
> detected, and the cost scales with the time until a patch is deployed.
> Security vulnerabilities are much more tricky and expensive to detect and
> the damage may happen all at once, making them very high-risk.
>
> I understand several of the OpenSSL development team are available for
> consulting.




Well, it's not like we can do whatever we would like to. Our company
is small, and only got the small part in that project. As I said in
the first message, it's the CEO of that partner company which
got the biggest part of the project who brought in his
security expert. They are the overall lead, and we have to work
with them.

Even his engineers do not agree with his security consultant.
What I'm doing here (working on the cost calculator, working on
the analysis model, etc) is not for our company, it's for this
partnering company, actually for the group leader in that
company to present it to their management.

We don't like to associate our name with lousy projects, that's
why I'm doing what I'm doing now, and this is extra work
for nothing. If we don't care, we would shut the hell up,
get the thing done (whatever it is), take the money, and
move on.

rgds



Re: Need objective arguments against double certificate

2005-06-14 Thread Bernhard Froehlich

coco coco wrote:

> My apologies if this is not really an openssl question. Just want to
> get some ideas from the gurus here.
>
> There is this company (a so-called partner) which has hired an
> external security consultant to oversee the security of a project
> which makes use of crypto quite heavily. The security consultant
> didn't do anything else, except coming up with a scheme that requires
> that every key must have two certificates, one certificate used for
> encryption and the other used for signature. The key and certificates
> are stored in a USB token. The reason from the so-called security
> consultant was that it is more secure this way. And he got the backup
> from the CEO (well, the CEO brought him in).
>
> We called it bullshit, and were having a hot debate, most people (the
> technical people) are opposed to that, saying that there is nothing
> secure about this scheme. If you want to separate the signature key
> from the encryption key, you should have 2 keys, and not one key with
> 2 certificates. This does not make any sense.
>
> The CEO said he trusts the security expert, and if we want to change
> that, we need to come up with better arguments than that.
>
> It does not affect us too much, as we just need to modify little
> portion of our code (mostly java) to handle the double-certificates
> thingy. But the annoying thing is, the 2 certificates do not even
> specify usage attributes correctly. And our security expert said it
> does not matter, we (the programmers) have to figure that out, which
> cert is used for signature and which one is used for encryption. We do
> all kinds of tricks to handle that, and it's not even reliable.
>
> And the bad thing is that he also wants to re-engineer all other
> existing applications to use this double-cert scheme. Even worse, the
> consultant from the local CA also supports that scheme, because (well,
> that's understandable) the CA got to sell two certs to each user.
>
> What do you think?


The prime argument against this scheme is, that it is more work (and 
costs more money) doing it. So the argument should be the other way 
round, that is why does this scheme make things more secure?
It may depend on the things you are doing with the certificates/keys, 
but I have not managed to imagine a scenario where using two different 
certs (especially if issued by the same CA) for the same key do increase 
security...


But I'm afraid that if the CEO trusts the security guy more than he 
trusts you, and he wants to spend the money (we have increased 
investments in security by 50%) you'll have a hard time finding better 
arguments... :-\



> coco


Hope it helps
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26





Re: Need objective arguments against double certificate

2005-06-14 Thread Victor Duchovni
On Tue, Jun 14, 2005 at 12:14:54AM -1000, coco coco wrote:

> My apologies if this is not really an openssl question. Just want to get
> some ideas from the gurus here.
>
> There is this company (a so-called partner) which has hired an external
> security consultant to oversee the security of a project which makes use of
> crypto quite heavily. The security consultant didn't do anything else,
> except coming up with a scheme that requires that every key must have two
> certificates, one certificate used for encryption and the other used for
> signature. The key and certificates are stored in a USB token. The reason
> from the so-called security consultant was that it is more secure this way.
> And he got the backup from the CEO (well, the CEO brought him in).
>
> We called it bullshit, and were having a hot debate, most people (the
> technical people) are opposed to that, saying that there is nothing secure
> about this scheme. If you want to separate the signature key from the
> encryption key, you should have 2 keys, and not one key with 2
> certificates. This does not make any sense.
 

You'll get more substantive support on cryptography@metzdowd.com
(subscribe via [EMAIL PROTECTED]), but your analysis is correct.
There are a number of attacks on RSA keys that are used to both sign and
encrypt (attacker) chosen data. While these attacks can be avoided by
not directly signing chosen data (rather only signing locally randomly
generated session keys or hashes of data), it is indeed a sound practice
to use separate keys when possible, but separate signing and encryption
certificates for a single public/private key pair are nonsense.

The right answer is two separate key pairs, with separate certs with
correct usage bits to enforce the key purpose.

-- 
Viktor.
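
Added example, not code from this thread: an audit that flags the two conditions discussed above, namely several certificates issued for one public key and certificates whose keyUsage extension is missing or mixes signing with encryption. It uses the third-party Python `cryptography` package; the self-signed certificates, subject names and finding labels are constructed for the illustration.

```python
import datetime
import hashlib
from collections import defaultdict

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_cert(key, cn, sign=False, encrypt=False):
    """Build a constructed self-signed test certificate.

    keyUsage is left out entirely when neither purpose is requested,
    which models certificates that do not specify usage at all.
    """
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2025, 1, 1)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
    )
    if sign or encrypt:
        usage = x509.KeyUsage(
            digital_signature=sign, content_commitment=False,
            key_encipherment=encrypt, data_encipherment=False,
            key_agreement=False, key_cert_sign=False, crl_sign=False,
            encipher_only=False, decipher_only=False,
        )
        builder = builder.add_extension(usage, critical=True)
    return builder.sign(key, hashes.SHA256())


def spki_fingerprint(cert):
    """SHA-256 over the DER SubjectPublicKeyInfo: equal values mean the same key."""
    der = cert.public_key().public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return hashlib.sha256(der).hexdigest()


def purposes(cert):
    """Return the set of purposes asserted by keyUsage, or None if it is absent."""
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        return None
    found = set()
    if ku.digital_signature or ku.content_commitment:
        found.add("sign")
    if ku.key_encipherment or ku.data_encipherment or ku.key_agreement:
        found.add("encrypt")
    return found


def audit(certs):
    """Return a list of (finding, subject) tuples for a user's certificates."""
    findings = []
    by_key = defaultdict(list)
    for cert in certs:
        cn = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
        by_key[spki_fingerprint(cert)].append(cn)
        p = purposes(cert)
        if p is None:
            findings.append(("no-key-usage", cn))
        elif p == {"sign", "encrypt"}:
            findings.append(("dual-purpose", cn))
    for cns in by_key.values():
        if len(cns) > 1:  # one key pair behind several certificates
            findings.append(("shared-key", tuple(sorted(cns))))
    return findings


def demo():
    """Audit the double-certificate layout and the two-key-pair layout."""
    shared = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    double_cert = [make_cert(shared, "user-sig"), make_cert(shared, "user-enc")]
    sig_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    enc_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    separate = [
        make_cert(sig_key, "user-sig", sign=True),
        make_cert(enc_key, "user-enc", encrypt=True),
    ]
    return audit(double_cert), audit(separate)


if __name__ == "__main__":
    bad, good = demo()
    print("double-certificate scheme:", bad)
    print("two key pairs, usage bits set:", good)
```
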


Re: Need objective arguments against double certificate

2005-06-14 Thread coco coco

Thanks all for replying. More heated debates I guess.
