
Re: Options, was Re: To Be, or NR To Be ...



Ed,

>
>Math is not self-secure -- anything you can do in math the attacker can also.

But the math underlying cryptography, and public key cryptography in
particular, introduces an asymmetry into what the users must do vs. what an
attacker must do.  So, your statement above is true, but not relevant to
the question of the security of digital signatures, the foundation of PKI
crypto-security.

>The question is thus not whether math is the foundation for public-key
>algorithms.  But, for example, who has the private-key or who/what do you
>trust.  By promoting reliance on math, one promotes reliance on no
>differential between user and attacker.  What you say is the same as those
>that simply want "more bits" in their keys but have their systems wide open
>to ActiveX controls -- they also think that math does provide a basis for
>security.

I agree that the math foundation is but part of the system, and it is
usually not the part that I would attack.  However, from a technical
security perspective, we focus on standards that don't address all of the
other security assurance issues.  We have promulgated such standards in the
past (e.g., the TCSEC, ITSEC, and now the Common Criteria) and even the
IETF has published informational documents such as the site security
handbook.  However, the focus of this WG is protocols (note that part 4 of
PKIX is informational, not standards track).

>But, it does not -- math is simply a tool to security.

Agreed, modulo the choice of preposition.

>> I'm sorry that you dislike the term "non repudiation" but we are NOT
>> changing this "term of art" in this standards context.
>
>I do not dislike the term "non-repudiation" at all.  In fact, I think that
>the concept of non-repudiation can be very useful and even essential.  But
>when correctly used, not as a misnomer to indicate a "NR bit" that has a
>PKIX description which everyone (including you) agrees is neither necessary
>nor sufficient to indicate non-repudiation.  And in math, when A is neither
>necessary nor sufficient to B then this means that B exists independently
>of A.  In other words, non-repudiation does not depend on the state of the
>NR-bit as it is described in 2459/PKIX -- and this is both a mathematical
>and a technical affirmation one should not ignore.
>
>And, as I commented before, if the broken semantics of the NR bit is not
>corrected (and there are three options to do this -- either delete it, or
>define it truly as non-repudiation, or rename and redefine it), then the
>market will be free to understand the NR bit in many different and
>conflicting ways -- if this list exchange in the past month can provide but
>a sample of them.  Which will be very much equivalent to deleting it from
>the spec because "hands off that NR bit" will be safer, also to the CAs.

Although I agreed that use of the NR bit is neither necessary nor
sufficient, in isolation, I have also given many examples of where the bit
is of significant benefit in an overall NR scheme.  I'll avoid continuing
the debate of whether the PKIX notion of NR is correct or not, relative to
your notion.

Steve