RE: German Key Usage

[Robert Moskowitz <rgm-sec@xxxxxxxxxxxxxxx>]

At 05:53 PM 8/14/98 -0400, Flanigan, Bill wrote:

>	This is just the start of "our" key collection.  Not only do we 
>have three (and counting) for PKIs, we have two (and counting?) for IPSec, 
>one (and counting for TLS?), etc.  Whatever happened to the concept of just 
>(gasp) two keys, one for Dsigs and the other for enciperment?  Even that's 
>enough to choke the infrastructure.
>	Comments?
Yes bill:

>From CRYPTO-GRAM, August 15, 1998

>"Protocol Interactions and the Chosen Protocol Attack"
>
>J. Kelsey, B. Schneier, and D. Wagner, Security Protocols, 5th 
>International Workshop April 1997 Proceedings, Springer-Verlag, 1998, pp.
91--104. 
>
>Many systems use the same crypto keys for different protocols (e.g. both
SSL and S/MIME use the same public-key certificate).  This paper presents
attacks on protocol interactions.  An attacker can create a new protocol
that is individually strong, but which breaks a target protocol when both
are run using the same keys.  The paper concludes with a discussion of
design principles to resist this class of attack.
>
>
>http://www.counterpane.com/chosen_protocol.html
>

So this might actually be the right thing to do....



Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com