[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem for public CAs

To: ietf-smime@xxxxxxx
Subject: Re: Problem for public CAs
From: HORII Naoto <Naoto.Horii@xxxxxxxxx>
Date: Tue, 08 Feb 2000 10:42:33 +0100
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-smime@xxxxxxx

Alfred Arsenault wrote:

> -----Original Message-----
> From: HORII Naoto [mailto:Naoto.Horii@xxxxxxxxx]
> Sent: Monday, February 07, 2000 1:33 PM
> To: ietf-smime@xxxxxxx
> Subject: Re: Problem for public CAs
>
> Item 3 would typically be implemented by restricting the type of questions a
> client can ask to the CA:
>
> 1) S/MIME certificates would be returned only if the subjectAltname is
> unambiguously specified - e.g.
>
> client: search certificate for subjectAltname=lawsg@xxxxxxxxxxxxxxxxxxx
> server: OK, certificate=blah
>
> client: search certificate for subjectAltname=*@it.postoffice.co.uk
> server: ERROR, inavlid search key
>
> For such a protection scheme to work, your directory server must obviously
> be able to validate/
> sanitize a search key against access rules - e.g. "no wildcards allowed in
> search keys" - before
> forwarding the search to your directory's backend engine.
>
> <snip>
>
> AWA: Of course, this doesn't work if you allow me an unlimited number of
> queries to your directory.  I'll just start with some of the more "obvious"
> possibilities and work my way out; e.g.,
>
>         search for:  certificate for smith@xxxxxxxxxxx
>                        certificate for jsmith@xxxxxxxxxxx
>                          certificate for smithj@xxxxxxxxxxx
>                          ...
>
> It's not real efficient, but hey, that's what computer programs are for. :-)
> Sooner or later, I'll get a reasonable number of certs, and away I go.  I'll
> chew up a lot of network bandwidth and leave footprints all over your
> directory, but if you let me search like this, it's worth it - if there's
> money to be made in spamming, I don't care what it costs you for me to get
> the addresses. :-)

My assumption, of course, is that it would be less expensive for a spammer to just send
his/her mail via an open relay mail gateway to smith@xxxxxxxxxxx, smith@xxxxxxxxxxx,
smithj@xxxxxxxxxxx -- even if most of these addresses will be invalid -- than to look up
digital certificates for these addresses before sending the mails.

It usually doesn't make sense for a spammer to use the target's certificate to encrypt the
spam: doing so makes evey message unique and the spammer then loses the leverage
of being able to dispatch a mountain of e-mail by forwarding just a single copy of the
mail to an open relay SMTP server together with a space-efficient recipient address list.

For e-mail, I think the privacy concerns of having your e-mail address -- once it's known --
easily mappable to a PKI certificate via a publicly accesible directory are outweighed by the
benefit of allowing people to authemticate your mails or send you encrypted data.
E-mail addresses are just one of the numerous coordinate points  -- which include e.g. mobile
and fax phone numbers, e-mail addresses, URLs, X.500 DNs... -- people can use to sort of
locate you in an abstract digital space.  IMHO these coordinate's connection with the "real"
physical world in which you live can be made quite tenuous if you are careful enough...

Are we straying more and more off-topic for this forum or what ;-)

Cheers,
Naoto

References:
- RE: Problem for public CAs
  - From: Alfred Arsenault

Prev by Date: RE: Problem for public CAs
Next by Date: 47th IETF: S/MIME WG Agenda
Previous by thread: RE: Problem for public CAs
Next by thread: RE: Problem for public CAs
Index(es):
- Date
- Thread