Nice paper! I especially liked the cited 'Johnny' paper.
What about denial of service attacks where super large RSA keys are
used or faked which either crash or tie up the server with decryption
and verification of bogus messages. Even a flood of normal
encrypted/signed messages have to be decrypted before the signature can
be checked. I've seen some messaging systems where the client encrypts
first, then signs (opposite of smime) to avoid decrypting invalid
messages on the server.
I used to work with HSMs (hardware crypto & key storage) and we used to
get many requests for accelerated crypto and strong key storage.
Standard interfaces to crypto subsystem was the feature we required.
Some corporate users can justify the cost of this feature. The problem
is inside attacks on software only cryptostores, the feature is
standardization which means crypto engine options are available.
Key-escrow (encryption key only) allows content filtering and law
enforcement agencies to function. Sounds like IBE has that capability.
Also, these email systems are only discretionary - the user has to
choose to send / receive securely. None of them (afaik) support
mandatory security where the security is always on and cant be disabled
or ignored by the user. At least with some clients they can be set to
default to secure which is a bit better. I guess that is a feature of
the email client regardless of the crypto technology though.
Thursday, December 08, 2005
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
Posted by Ed Gerck at 12:04 PM