Re: [IETF-PKIX] Key Identifiers

[Tony Bartoletti <azb@xxxxxxxx>]

At 11:02 AM 4/20/98 -0600, Bob Jueneman wrote:
>Ian,
>
>I assume that you are not attacking the public keys directly, but rather
hoping that someone used a poor random number generator in generating them?
 Even so, this siounds more like a denial of service attack than a
cryptanalytic attack.
>
>Bob 

Bob,

I think Ian is saying that if one generates a key-pair, and given a Key-ID
is a hash or otherwise deterministic function of the public key, one could
query the universe of certified keys and perhaps, by chance, come across
a certificate (perhaps your certificate) with matching key-ID and public
key, and thereby deduce that they have your private key.

Personally, I believe (hope?) that the space of possible key-pairs is
so very large that even 200 million is a very minute fraction of the
space, too sparce to hope for a random match.  But then, I haven't done
the math yet.

I don't see the lookup as a denial of service, (it amazes me how search-
engines have done such efficient pre-indexing that they can quickly repond
with "1,254,867 documents matched you query.  Next 10 matches?")

Of course, if I have your private key, it is compromised.  So I could send
a signed "revoke this key" message to the CA.  I suppose that would be a
charitable form of denial of service.

___tony___

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL