To:
Steve Hanna <steve.hanna@sun.com>
Cc:
Simon Josefsson <simon+keydist@josefsson.org>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Derek Atkins <warlord@MIT.EDU>
Date:
14 Jan 2002 17:34:59 -0500
In-Reply-To:
<3C433F20.7F829444@sun.com>
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject:
Re: looking for draft volunteers
Steve Hanna <steve.hanna@sun.com> writes: > Let's get concrete. When retrieving certs over LDAP, you don't ask > for a specific cert. You search for the proper directory entry (one Right, and mallet intercepts your directory query and returns you a "false" certificate. > with a mail attribute of steve.hanna@sun.com, for instance) and > then retrieve the certs stored in that entry (in the userCertificate > attribute). You don't trust any of those certificates unless you > can establish and validate a path to one of your trust anchors. Right, and the certificate that Mallet returns to you is signed by your joe-random-CA trust anchor instead of your major-mongo-CA trust anchor. You've just been cracked. Welcome to the world of untrusted referrals. > If you're running even a moderately secure PKI, you will not have > hundreds of trust anchors. You'll have one trust anchor. That trust If you only have one trust anchor, why not make that trust anchor DNS? The whole point to this exercise was your requirement of having multiple, configurable trust anchors. However, if you want a globally useful system, you basically are going to require a hundred global trusted anchors. Look at what Netscape and IE have done. Unfortunately, that's exactly what happens when you want a globally accessible system. If I can only authenticate the certificate for steve.hanna@sun.com if I have the Sun.COM CA cert pre-loaded on my system, I've already lost. I've lost because that does not scale. It doesn't scale because tomorrow, when I want to send a message to my.friend@sgi.com, I need the sgi.com CA cert, and you need the MIT.EDU CA Cert to send back to me. And we've now reverted back to hundreds of CAs. Unless, of course, we have a single CA that we can all trust. And quite honestly the only central authority that anyone in the internet has any trust in at the moment (albeit very little trust) is the DNS root. > To summarize: If your PKI is any good, you don't need DNSSEC or > LDAP over TLS to securely establish a key. If your PKI isn't any > good, why bother having one? *snicker* I think you've been in a research lab too long and have forgotten what it's like out in the real world. Unfortunately what you consider "any good" is not what is currently deployed. And if someone COULD deploy something that you consider "real good", then why couldn't they deploy that _as_ DNSSEC? > -Steve -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available