[cap-talk] [Fwd: Re: [e-lang] What do CAs contribute...an
ironic short term benefit]
Trevor Perrin
trevp at trevp.net
Thu Feb 17 01:43:53 EST 2005
At 03:13 PM 2/16/2005 -0800, Bill Frantz wrote:
>On 2/16/05, David Hopwood <david.nospam.hopwood at blueyonder.co.uk> wrote:
> >Bill Frantz wrote:
> >> On 2/9/05, marcs at skyhunter.com (marcs) wrote:
> >>
> >>>Uh...hmmm....now that I've assigned a pet name to that certificate,
> which is
> >>>a unique identifier all on its own...remind me, what value is Verisign
> >>>giving me?
> >>
> >> Verisign is letting the owner of that certificate (Mark Miller) generate a
> >> new key and pass the trust you have in the current key into the new one.
> >
> >Verisign isn't needed for that. Use an off-line master key to sign on-line
> >subkeys, like in OpenPGP, SPKI, or if you must use X.509, proxy certificates
> >(RFC 3820).
> >
> >If the master key is lost or compromised, then reestablishing the petname-
> >master key binding is no more difficult than it was in the first place.
> >This is not a common enough case to justify the vulnerability to a CA.
>
>I think the re-keying problem is an enormous problem which has not yet
>been discussed.
[...]
>If the goal is to establish a long-term, cryptographically verified,
>identity, but still allow re-keying and algorithm changes, some sort of
>trusted third party may be the best engineering solution.
Agreed - for temporal integrity, there's a lot of value to having a 3rd
party sign your new keys and revoke your old ones.
The key issue is how relying parties trust the 3rd party. In a classic
PKI, everyone is assumed to know and trust the central CA.
A better idea is for the owner of a cryptographic identity (aka
"self-authenticating name", "fingerprint", etc.) to bind the identity of a
*self-chosen* CA into her own fingerprint. This gives the key-management
benefits of a 3rd-party, without the costs of forced centralization.
Trevor
More information about the cap-talk
mailing list