

To: Steve Hanna <steve.hanna@sun.com>
Cc: Simon Josefsson <simon+keydist@josefsson.org>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 14 Jan 2002 17:34:59 -0500
In-Reply-To: <3C433F20.7F829444@sun.com>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject: Re: looking for draft volunteers

Steve Hanna <steve.hanna@sun.com> writes:

> Let's get concrete. When retrieving certs over LDAP, you don't ask
> for a specific cert. You search for the proper directory entry (one

Right, and Mallet intercepts your directory query and returns you
a "false" certificate.

> with a mail attribute of steve.hanna@sun.com, for instance) and
> then retrieve the certs stored in that entry (in the userCertificate
> attribute). You don't trust any of those certificates unless you
> can establish and validate a path to one of your trust anchors.

Right, and the certificate that Mallet returns to you is signed by
your joe-random-CA trust anchor instead of your major-mongo-CA trust
anchor.  You've just been cracked.  Welcome to the world of untrusted
referrals.

> If you're running even a moderately secure PKI, you will not have
> hundreds of trust anchors. You'll have one trust anchor. That trust

If you only have one trust anchor, why not make that trust anchor DNS?

The whole point to this exercise was your requirement of having
multiple, configurable trust anchors.  However, if you want a globally
useful system, you basically are going to require a hundred global
trusted anchors.  Look at what Netscape and IE have done.
Unfortunately, that's exactly what happens when you want a globally
accessible system.

If I can only authenticate the certificate for steve.hanna@sun.com if
I have the Sun.COM CA cert pre-loaded on my system, I've already lost.
I've lost because that does not scale.  It doesn't scale because
tomorrow, when I want to send a message to my.friend@sgi.com, I need
the sgi.com CA cert, and you need the MIT.EDU CA Cert to send back
to me.  And we've now reverted back to hundreds of CAs.

Unless, of course, we have a single CA that we can all trust.  And
quite honestly the only central authority that anyone in the internet
has any trust in at the moment (albeit very little trust) is the DNS
root.

> To summarize: If your PKI is any good, you don't need DNSSEC or
> LDAP over TLS to securely establish a key. If your PKI isn't any
> good, why bother having one?

*snicker*   I think you've been in a research lab too long and have
forgotten what it's like out in the real world.  Unfortunately what
you consider "any good" is not what is currently deployed.  And if
someone COULD deploy something that you consider "real good", then
why couldn't they deploy that _as_ DNSSEC?

> -Steve

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
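
Added example, not part of the original message: a simplified model of the path validation discussed in the thread, showing that a client with several trust anchors accepts a substituted certificate unless it also checks which anchor the path ended at. Signature verification is abstracted to a trusted issuer field, and ANCHOR_SCOPE, the function names and the sample certificates are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # name the certificate binds a key to
    issuer: str   # CA that signed it (signature check abstracted away)
    key: str      # stand-in for the public key

# Constructed trust store using the two anchor names from the message.
ANCHORS = {"major-mongo-CA", "joe-random-CA"}

# Hypothetical policy: the mail domains each anchor is allowed to vouch for.
ANCHOR_SCOPE = {"major-mongo-CA": {"sun.com"}, "joe-random-CA": {"example.net"}}

def find_anchor(cert, intermediates=()):
    """Follow issuer links to a trust anchor; return its name, or None."""
    by_subject = {c.subject: c for c in intermediates}
    seen, cur = set(), cert
    while cur.issuer not in ANCHORS:
        # Stop on an unknown issuer or on a loop among intermediates.
        if cur.issuer in seen or cur.issuer not in by_subject:
            return None
        seen.add(cur.issuer)
        cur = by_subject[cur.issuer]
    return cur.issuer

def accept_any_anchor(cert, intermediates=()):
    """Behaviour described in the thread: any path to any anchor is enough."""
    return find_anchor(cert, intermediates) is not None

def accept_scoped(cert, intermediates=()):
    """Also require that the anchor reached is the one expected for the domain."""
    anchor = find_anchor(cert, intermediates)
    domain = cert.subject.rpartition("@")[2].lower()
    return anchor is not None and domain in ANCHOR_SCOPE.get(anchor, set())

def classify(entry_certs):
    """Return (key, any-anchor verdict, scoped verdict) for each certificate."""
    return [(c.key, accept_any_anchor(c), accept_scoped(c)) for c in entry_certs]

# Constructed directory replies: the genuine entry and the substituted one.
GENUINE = Cert("steve.hanna@sun.com", "major-mongo-CA", "key-genuine")
SUBSTITUTED = Cert("steve.hanna@sun.com", "joe-random-CA", "key-substituted")

if __name__ == "__main__":
    for key, any_ok, scoped_ok in classify([GENUINE, SUBSTITUTED]):
        print(f"{key}: any-anchor={any_ok} scoped={scoped_ok}")
```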
