Thursday, December 08, 2005

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

Anne & Lynn Wheeler wrote:
i've periodically written on security proportional to risk ... small sample

introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
recipient to trust the PKI operation more than they trust their own,
direct knowledge ... and the PKI operation opens up more avenues of
compromise for the attackers.

Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the threat
model considered in the CPS. Further, X.509 simplifies what it provides
to the least possible _to_automate_ and puts all the local and human-based
security decisions in the CPS.

For example, let's see an oft repeated issue of "a crook attacking the
authoritative agency that a certification authority uses for the basis
of its certification, and then getting a perfectly valid certificate".

This is not really about X.509 or PKI, it's about the CPS. If the CPS
says it restricts cert reliance to the assertion that the subscriber's
email address was timely responsive to a random challenge when the cert
was issued, then relying on anything else (e.g., that the email address
is owned or operated by an honest person, or by a person who bears a name
similar to that mailbox's username, or even by a person at all) is
unwarranted. With this CPS, there was really no "attack" on the CA and the
cert _is_ perfectly valid -- all it does is authenticate the email address
that _was_ verified.

What's a bit of a struggle, thus, is that many subscribers and relying-
parties do not fully realize that the CPS is outside the scope of PKI and
yet defines the email security model for that PKI -- what you can trust
and what you can't. Yes, in this regard, there are as many PKIs as there
are CAs and this is reflected in the paper as problem P16 (
Requires Common
Root Of Trust

Having the CPS outside the scope of X.509/PKI is both a solution (makes
the X.509 effort independent of local needs) and a big problem, as CAs
(writers of the CPS) have the power to write almost anything they want,
including their notorious DISCLAIMER (where _near_ everything of value to
the subscriber is disclaimed, while _everything_ of value to the relying-
party is disclaimed).

That's why its useful to compare X.509 / PKI, PGP, and IBE technologies
for secure email, to know what are the trade-offs.

By comparing the capabilities and faults of the secure email products
per technology used, these and other problems come up in the score card.

Ed Gerck

No comments: