[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?

Kim Holburn kim at holburn.net
Sun Aug 15 11:56:51 AEST 2010


On 2010/Aug/15, at 11:21 AM, Roger Clarke wrote:

> At 22:54 +1000 14/8/10, Kim Holburn wrote:
>> I was thinking about this reading the article and realised that every
>> time or so a certificate is used there is a call to the CA for the CRL
>> or OCSP.  This in itself could be used for traffic analysis.  The data
>> probably is logged.
>
> Yep.
>
> "If it becomes routine for signature recipients to check PARRA for
> non-revocation of digital signatures, then PARRA logs will be a
> centralised surveillance facility, capable of indicating which
> cyberspace entities a person is transacting with over a period of
> time. To some extent the surveillance could be real-time, but more
> often would provide logs over time. Either way, police and other
> investigative agencies are likely to show a keen interest, as they
> already do with telephone call data held by carriers." [1]
>
> But, because the uptake of PKI as a whole, and CRLs and OCSP within
> it, has been so dismally low, I can't recall the point Kim makes
> arising even *once* since we wrote that text  ...  13-1/2 years ago
> ...

Because our models of authentication don't scale (yet) - not to
internet levels.

> [1] Greenleaf G. & Clarke R. (1997)  'Privacy Implications of Digital
> Signatures'  Proc. IBC Conf. on Digital Signatures, March 1997, at
> http://www.rogerclarke.com/DV/DigSig.html#Publ
>
>
> -- 
> Roger Clarke                                 http://www.rogerclarke.com/
>
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
>                    Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
>
> Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
> Visiting Professor in Computer Science    Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request