RE: AW: self-signed TSA [Was Re: Private Key Cloning]
>
> Michael wrote:
> >
> > If we forget for a moment about what the draft says (please): what is
> > wrong with using a TSA key for signing 'something that is not a
> > time-stamp'? I do not see anything criminal about that. Especially if
> > the case is well-defined and justified.
> >
> The draft obviously said it for a reason but to answer "what is wrong
> with using a TSA key for signing 'something that is not a
> time-stamp'?"
>
> 1. It's good security policy to restrict usage of particularly sensitive
> keys.
>
Using a TSA key for signing timestamps and for signing a TSA's own certificate
is still within a well-defined and restricted scope of use. The use of the key
IS STILL WELL RESTRICTED.
> The ultimate restriction is one exclusive use which is the state of the
> draft now.
> You should show a very good reason to weaken that
Self-signed TSA cert is a very good reason to me.
> or show that the new usage has negligible impact. If you do this then an
> attack on certificate signing keys will be useful as an attack on time-stamp
> signing keys since time-stamp signing keys can also sign certificates.
Do you mean that using a particular key to produce N signatures (timestamps)
as compared to producing N+1 signatures (timestamps and a self-signed TSA
cert) makes an attack any easier? I doubt it.
>
> 2. It couples the primary TSA service (making timestamps) with a CA
> service (making certificates).
>
Do not agree here. Issuing a self-signed cert by no means makes an entity a
CA. TSA does not become a CA, and it does not need to become one, simply for
the fact that it has a self-signed cert. No no no :).
> I'm not sure that the intention is for TSAs to always be CAs or vice versa.
> If CAs and TSAs will be operated, managed and owned separately then it
> is good that their services are not too coupled or intertwined.
>
> Also, if TSAs will be subject to formal evaluation "torture" then the less
> services and complications they include the less the torture will be. Both
> uses of the private key, time-stamp signing and certificate signing, will
> need to be evaluated.
Ok, let's go for it:
1. Self-signed TSA cert. You have to evaluate your secure signing
environment. Which is the same for generating timestamps and for generating
a self-signed cert.
2. Not self-signed TSA cert. You have to evaluate your secure timestamp
signing environment AND whatever mechanism you (or whoever else) employed to
issue the TSA a certificate.
What is easier? (1) sure looks simpler to me.
Regards
Michael
>
>
> Regards,
>
> Simon.
>
>