[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: New draft - NULL Public Key Signatures

To: "Ambarish Malpani" <ambarishm@xxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: RE: New draft - NULL Public Key Signatures
From: "Phillip M Hallam-Baker" <pbaker@xxxxxxxxxxxx>
Date: Mon, 25 Oct 1999 16:07:51 -0400
Importance: Normal
In-reply-to: <>

I just got round to reading the draft. I find the levity unnecessary
and somewhat disturbing.

>1.  Introduction
>
>   This memo defines the NULL public key algorithm. It explains how NPKA
>   NULL algorithm should be used both for digital signatures and
>   encryption/key exchange.

>   Despite the fact that we are not lawyers, we are relatively confident
>   that it is quite safe to use this algorithm for export for any key
>   length size. It is also quite impossible for people to discover your
>   private key via timing, power analysis or other cryptographic
>   methods, as long as you are only using this algorithm.

At the very least I would want to see a very clear message stating
that this mechanism offers no security and is for test purposes only.

Unfortunately the text is written with the assumption that the reader
understands the purpose.

I don't think that the same case can be made for the need for a NULL
integrity algorithm as for a NULL confidentiality algorithm. The need
for the NULL IPSEC method arose because it is very hard to debug 
a system when you can't read any messages


The humourous references to the attacks the scheme is proof against
are I suspect likely to fall flat when some knuckle-brain implements
this and uses it for a real purpose. 

If workers at a nuclear fuel reprocessing plant can be ill trained 
enough to willingly carry buckets of enriched uranium about the place
by hand methinks we should not underestimate the risk of overestimating
the general level of competence.


		Phill

> -----Original Message-----
> From: Ambarish Malpani [mailto:ambarishm@valicert.com]
> Sent: Tuesday, October 19, 1999 7:16 PM
> To: ietf-pkix@imc.org
> Subject: New draft - NULL Public Key Signatures
> 
> 
> 
> Hi Guys,
>     Given the traffic on this list, it sounds like this IETF is
> going to be a pretty boring one. :-)
> 
> I have just submitted an individual draft about NULL Public Key
> Signatures, which I hope will be part of this working group soon
> (make things at the PKIX meeting more interesting).
> 
> The main (serious) reason for this draft, is to allow people to
> describe data items that may be signed or unsigned more easily
> in ASN.1.
> 
> Also, having a NULL algorithm is asthetically pleasing.
> 
> So here it is.
> 
> Please send all your flames/comments to this list.
> 
> Thanks,
> Ambarish
> 
> ---------------------------------------------------------------------
> Ambarish Malpani
> Architect                                                650.567.5457
> ValiCert, Inc.                                  ambarish@valicert.com
> 1215 Terra Bella Ave.                         http://www.valicert.com
> Mountain View, CA 94043-1833
> 
> 
>

Follow-Ups:
- RE: New draft - NULL Public Key Signatures
  - From: Stephen Kent
- Re: New draft - NULL Public Key Signatures
  - From: Marc Branchaud

References:
- New draft - NULL Public Key Signatures
  - From: Ambarish Malpani

Prev by Date: QC certificates MAY CERTAINLY be compared!
Next by Date: Re: New draft - NULL Public Key Signatures
Previous by thread: Re: New draft - NULL Public Key Signatures
Next by thread: Re: New draft - NULL Public Key Signatures
Index(es):
- Date
- Thread