[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Private Key Cloning

To: ietf-pkix@xxxxxxx
Subject: RE: Private Key Cloning
From: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2000 12:33:41 -0400 (EDT)
Reply-to: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>

Agree that it is a problem with the architecture you and Gene describe.

But I remember an old quote (can't remember the source) -- 

  "I never met a problem that couldn't be solved with another layer
   of indirection."

You could add that layer (a self-signed TSA trust point that signs the
server keys), or you could use static load balancing - assign the first
100,000 clients to one server, then stand up another server and assign
the next 100,000 clients to it, etc.  Not pretty, but not a "nightmare"
either.

Or you could use server accelerators which allow you to import and
export private signature keys.  I'm sure there is a market for both
tokens which prevent signature key cloning and tokens which allow it,
allowing system architects to trade off technical controls with
procedural controls.  Personally, I prefer technical -- never offer
a human the opportunity to be the man-in-the-middle (or the man-at-one-end,
since spoofing a token-to-token protocol doesn't require two tokens).





> From: Michael Zolotarev <mzolotarev@baltimore.com>
> To: "David P. Kemp" <dpkemp@roadblock.missi.ncsc.mil>, ietf-pkix@imc.org
> Subject: RE: Private Key Cloning
> Date: Tue, 20 Jun 2000 10:38:35 +1000
> 
> > 
> > And it doesn't seem to present insurmountable obstacles to load
> > balancing ... why shouldn't each server have its own signature key?
> > Is there a reason not to use N certificates with identical
> > distinguished names and different public keys?
> > 
> 
> I can see a problem with it with self-signed TSA certificates. Normally, a
> client would be configured to directly trust THAT [self-signed] TSA cert.
> Having a set of self-signed TSA certificates would be a configuration
> nightmare for the clients. And then you add another crypto box to your load
> balancing array on TSS, and then another one...
> 
> M
> 
> 
> *****************************************************************************
> This confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
> ******************************************************************************

Follow-Ups:
- RE: Private Key Cloning
  - From: Tony Bartoletti

Prev by Date: Re: Can we form certificates with just name and e-mail address
Next by Date: Re: Private Key Cloning
Previous by thread: Re: Private Key Cloning
Next by thread: RE: Private Key Cloning
Index(es):
- Date
- Thread