[LINK] Demolition Job on Digital Signatures

Damien Miller djm@mindrot.org
Thu, 9 Nov 2000 12:49:08 +1100 (EST)


On Thu, 9 Nov 2000, Roger Clarke wrote:

> 
> I've finally got round to codifying the problems with conventional public
> key infrastructures, i.e. those based on X.509 certificates.

Great paper, a few comments:

My pet hates about X.509 are technical in nature, primarily:

- The lack of a single standard (see Peter Gutmann's X.509 style guide[1] 
for the gory details)
- The lack of sane, correct implementations. Microsoft being the worst 
offender.
- Needless complexity, which is antithetical to security. X.509 is as
bloated and horrid as the other ISO standards.

Unfortunately X.509 won't die until the market gives it a damn good stake
through the heart in the form of SSL/TLS utilising an alternate PKI. There 
were some internet-drafts on using OpenPGP in TLS, but they expired
before I read them.

Section 3.1 

In the last set of bullet points you state that "infrastructural elements 
must all be in place..." as preconditions for assurance. 

IMO this is a little redundant. Decent PK means that if you have and 
trust the recipient's key AND they have and trust yours then even in the
presence of a hostile intervening network the worst that can happen is
a failure to communicate.

A possible exception to this is certificate revocation list servers, but 
strong implementations will "fail-closed" and you excluded non-repudiation 
from the scope two paragraphs ago :) 

Section 3.2

Your last assertion "CAs deflect attention from the critical 
weaknesses..." could do with a little more explanation, perhaps a 
concrete example.

Anecdote: From my window I can see E-Sign's Australian Head Office, they
are a prime example of this sort of behaviour. A presentation of theirs 
that I attended focused entirely on their "seven levels of security" and
how they had ex-federal police consulting on their security design.

Section 7

CRLs are largely replaced by OCSP (online certificate status protocol),
though I have never seen the use of either - a concern in itself.

Section 9

There is one application where a hierarchical model of trust works very
well, which has also been X.509's "killer app" - business web site 
certificates.

-d

[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm@mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, / 
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
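
The "fail-closed" point in the Section 3.1 comment above, as an added example that is not part of the original message: a minimal Python model of a revocation check when the only CRL available is a stale cached copy. The `Crl` class, `check`, `best_crl` and all scenario values are constructed for illustration and are not taken from any real PKI implementation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

@dataclass(frozen=True)
class Crl:
    """Minimal model of a CRL: revoked serials and its validity window."""
    revoked: frozenset
    this_update: datetime
    next_update: datetime

def check(serial: int, crl: Optional[Crl], now: datetime,
          fail_closed: bool = True) -> Tuple[bool, str]:
    """Decide whether to accept a certificate given the best CRL we hold."""
    if crl is not None and serial in crl.revoked:
        return False, "revoked"  # both policies reject a listed serial
    if crl is None or now > crl.next_update:
        # No current revocation data: the case an unreachable CRL server creates.
        if fail_closed:
            return False, "revocation status unavailable"
        return True, "accepted without current revocation data"
    return True, "not revoked"

# Constructed scenario: serial 0x1234 was revoked after the cached CRL was issued.
NOW = datetime(2000, 11, 9, tzinfo=timezone.utc)
SERIAL = 0x1234
CACHED = Crl(frozenset(), NOW - timedelta(days=8), NOW - timedelta(days=1))
FRESH = Crl(frozenset({SERIAL}), NOW - timedelta(hours=1), NOW + timedelta(days=7))

def best_crl(fetch_blocked: bool) -> Crl:
    """Hypothetical fetch: a blocked download leaves only the stale cached copy."""
    return CACHED if fetch_blocked else FRESH

def outcomes(fetch_blocked: bool) -> dict:
    """Run both policies against whichever CRL the client ends up holding."""
    crl = best_crl(fetch_blocked)
    return {
        "fail_open": check(SERIAL, crl, NOW, fail_closed=False),
        "fail_closed": check(SERIAL, crl, NOW, fail_closed=True),
    }

if __name__ == "__main__":
    for blocked in (False, True):
        print("CRL fetch blocked:", blocked, outcomes(blocked))
```

With the fetch blocked, the fail-open policy accepts the revoked certificate, while the fail-closed policy only refuses the connection, which is the "failure to communicate" outcome described in the message.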