[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shifting around the risk burden, Re:

To: "ietf-pkix@xxxxxxx" <ietf-pkix@xxxxxxx>
Subject: Re: Shifting around the risk burden, Re:
From: Ed Gerck <egerck@xxxxxxx>
Date: Tue, 14 Dec 1999 07:56:36 -0800

All:

This is a reply to a private comment I received,
which may be useful here.

Cheers -- Ed Gerck

-------- Original Message --------
Subject: Re: Shifting around the risk burden, Re: Consensus Text for
Date: Mon, 13 Dec 1999 00:41:01 -0800
From: Ed Gerck <egerck@nma.com>

,,, wrote:

> I doubt the correctness of the quoted assertion from X.509:
>
> >A number of practical methods
> >are available for the user to hold his private key in a
> >manner that provides adequate security
>
> It depends on what "adequate" means, but there are too many published
> attacks on known systems to leave me at all comfortable with the practical
> methods I'm aware of.
>

Yes, that affirmation is weak -- and it was put there IMO in order to
try to preempt doubts. However, in discussing X.509/PKIX in order
to try to develop a better base for interoperation, which is my 
main objective, I have found it more useful to hold to one part of
the PKIX spec while verifying fallacies in another -- rather than trying
to show that both (or, more) parts are wrong.

What is at stake here is the Grandma scenario, where Denis insists that
X.509/PKIX can be used to deal with the content of what was signed,
as well as its intent, which are respectively second- and third-order removed
from the act of signing a message *digest* -- which is all that X.509/PKIX
deals with.  The fact that I am fully aware (assuming this much) that I am
signing a message digest, does not mean that I agree with the content
and also does not mean that I had the intent of declaring my definitive
agreement to it, irrebuttably.

So, first, I need to show that (above) -- then, the fact that not even
that modicum of trust is granted. I have to leave to a separate argument
the fact you point out That I cannot assume I was fully aware of signing
a message digest -- my key might have been stolen, for example, and I
might have never signed it.

Now, if I would question this first then people may say that I am being
"impractical" because everyone knows that we all use credit-cards on the
Internet and it mostly works, that business has risks anyway, etc.

So, the real problem needs to be tackled first IMO -- that X.509/PKIX is
not about validation of message *content* or *intent*, it is about
authentication of credentials as data.  The semiotic confusion is between
the message as data (syntax -- that carries values, which are always
uninterpreted) and the message as "code" (semantics -- that carries
instructions, which can only be functional after interpreted according
to a trusted context).  X.509/PKIX  deals with data, not with "code"
--  X.509 is moot on validation procedures for "code" aspects.  Thus,
it cannot be applied to draw conclusions on that which it outrightly 
does not represent.

Cheers,

Ed Gerck

Prev by Date: RE: cert == crl
Next by Date: Re: cert == crl
Previous by thread: RE: Online PIN & Server Wallet
Next by thread: ISOC Netw. & Distr. Sys. Security Symp. (NDSS 2000)
Index(es):
- Date
- Thread