
Re: CyberPhone Trust Propagation Was: A $25,000,000,000 PKI



Anders,

<snip>

>Now to the scenarios presented on my web (Shared Certificates and Dynamic
>Certificates) that represent two much more complicated situations that an
>open environment introduces.
>
>If those scenarios introduce trust propagation it would mean that the
>intermediary private key server performed something on behalf of the
>client.  But, IT IS THE OTHER WAY AROUND!  It is the intermediary server
>that grants a client the right to perform a purchase on the server's
>behalf.  Yes, when you purchase for a company it is the company that buys.
>That the purchase was initiated by the client does not change this a
>single bit.  A company assumes that you do your work - not that it has to
>scream and shout to make you perform!  And you have in this role
>obligations only to your company (=server).

It is not the server that grants the user the right to purchase, it is the
company.  The company can choose to do this in various ways, as described
in earlier messages.  Your approach introduces added vulnerabilities into
the system, relative to a model in which the purchasing agent directly
controls his/her private key.

>That is why CyberPhone does not break any (of the mostly unwritten) rules
>regarding key use and trust.
>
>It does though assume that a server and private keys stored on it can be
>responsible in the same way as a natural person.  As I wrote in another
>posting this is what is happening all the time (except for signatures that
>are not yet implemented) in automated invoicing systems so there is
>"Nothing new under the Sun".

Servers are not principals (a security term of art), i.e., they are not
accountable entities.  Only people are.  Putting a collection of private
keys on a server creates a new opportunity for someone other than the
accountable entity (user) to cause objects to be signed on behalf of the
user.  Yes, many automated systems in the current environment offer poor
security, such as the one you describe.  I hate to see the veneer of PKI
applied to a system that retains many of the security problems of these
existing systems.

Steve