From: Eric Knight [deceased1@HOME.COM] Sent: Tuesday, August 15, 2000 5:08 PM To: VULN-DEV@SECURITYFOCUS.COM Subject: Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Mr. Vandevenne: > - is mail server compromise really needed ? I imagine simple sniffing > could achieve the same result - one doesn't need to get the mail in > mail format to use the information and as far as detection of the > problem is concerned, it will be detected soon enough after the > original key is revoked anyway I wasn't thinking in those terms, but I see you are absolutely correct. This method might leave some evidence behind that the compromise had happened, but is probably unnecessary for the forging process to complete and action to be taken. In fact, I see that the network compromise can occur anywhere between the SOA and the destination, including redirected traffic. That does make the overall attack considerably stronger and takes a lot of control away from the victim. > - imho, it is again convenience vs security - assuming a government > would handle the initial certification better, and they probably would, > I wouldn't trust them more than the commercial entities if they started > to implement a web interface to their databases. Agreed. I'm not trying to make an argument for government PKI, however. I'm not ready to accept any side in this matter until I can see something compelling. Debating which of the three should be picked over the other is probably just a moot argument -- each one probably is superior in their own specialized environments. > On the form... > > - you mix passphrase / password sometimes, with the result that I don't > know which is which at some point Sorry, Pass Phrase was introduced by VeriSign's web page, probably trying to convince people to pick longer "authentication strings" than a single word in order to cover for the "do not use punctation" line. I can envision the MD5 or SHA-1 hash on the backend that allows long phrases, and maybe UserTrust uses DES which is why they have 8 digits or less. Password is the convention, but remains a misleading industry buzzword. I'll standardize it. > As far as the real problem is concerned, I liked the approach taken by > the global trust register much better - the different certification > levels are not linked to the amount of money paid but to the amount of > verifications carried out. > > http://www.cl.cam.ac.uk/Research/Security/Trust-Register/book.html GlobalSign did seem like they were going at things the right way, they went at length describing their processes and did an excellent job of explaining their authentication practices. My concern is that to revoke/replace the key didn't have a similar re-authentication method. I'm going to hammer at the GTR idea here for a bit, I'll get back to you on that. Thanks for your comments, Eric Knight knight@securityparadigm.com