RE: NEW Data type for certificate selection ?
Hi Ed,
>Your suggestion:
>
>The solution is to add "salt" -- like it is done in UNIX passwords.
>For example, you can add 50 chars of salt or as many as you want -- a
>passphrase. The point here is that since you know the SSN and the
>salt, no one else can guess the SSN from a dictionary attack on only
>9 digits. Better still, you can change the hash in a new cert and
>keep the SSN constant, by changing the salt, so no one can verify
>your SSN in a new cert without your cooperation.
As my countryman Stefan already pointed out, we can argue for centuries about the
use of SSNs or, as I would call them, PPITs - Persistent Personal Identity Tags.
Assuming that you *actually* *have* *such* *a* *scheme*, you lose all the benefits of
PPITs by applying your "salted" methods to PPITs. PPITs are not only designed to
make big brother's job easier :-), but to allow users to authenticate themselves
using a valid certificate (be it electronic or physical) where the certificate
receiver must only know which issuers (and domain) to trust. This is a major benefit for
all parties, as you can have a life-time password/userid replacement with
full security (technically speaking) independent of the actual certificate. It simply
cuts costs and confusion (at the expense of personal integrity). Whether this is
good or not is something the market (and in some cases national laws)
will decide. My personal opinion is that if successful PKIs (Stefan!) are
established based on PPITs, the disbelievers *may* change their minds.
The general-purpose browser solution is as follows:
The authenticating server may surely *suggest* a list of possible certificate types
that it may accept, because it is always *you* (the user) who should manually
select the proper one. In case you feel that a cert with a PPIT could create a disaster
if you accidentally gave it to the wrong server, the solution would be to have a local
(user-defined) set of valid servers (i.e. their public keys).
Inserting a new server would require a few more clicks, i.e. similar to ActiveX
controls or signed Java applets. Such servers would typically be
governmental (who gave you the PPIT) and a *few* other parties that
you hopefully trust, like your bank or employer. A similar scheme could be used
for defining a list of valid receivers of mail signed with a cert containing a PPIT
(or other sensitive information).
Anders Rundgren
Senior Internet E-commerce Architect