Re: SSL info
- From: Anne & Lynn Wheeler <lynn@xxxxxxxxxx>
- Date: Fri, 05 Jan 2007 21:09:35 -0700
Ertugrul Soeylemez <never@xxxxxxxxxxxxxx> writes:
> Besides the fact that a certificate contains a bit more information,
> what are the privacy implications? Unless the certificate represents
> something like an electronic form of your passport, you decide, what
> goes in there. When the CA decides to sign it, then they do so.
> Otherwise you're free to go elsewhere.
>
> Now to the security part: A public key, as its name states, is made
> publicly available. If that does reduce security, then what's the point
> in public key cryptography? The authenticator really just needs the
> public key to verify authenticity. A certificate is nothing more than
> an encapsulated public key, together with some information about its
> holder, and one or more signatures (at least from a CA in the proper
> case).
so you have a client that generates a public/private key pair. the
client registers the public key with the server/certification
authority ... the server/ca registers the public key in the server/ca
database ... then the server/ca generates a digital certificate
containing the public key and gives a copy of the digital certificate
to the client..
now in an authentication operation, the client digitally signs
something, appends the digital certificate and transmits the digital
signature and digital certificate to the server/ca ... who already has
a copy of the client's public key on-file.
since the server/ca already has a copy of the client's public
key (as part of the registration operation) ... and, in fact,
the server/ca probably even recorded the original of the client's
digital certificate. that means the server/ca not only has the
client's public key but also the client's digital certificate.
requiring the client to return a copy of the digital certificate to
the ca/server on each digital signature operation is redundant and
superfluous ... when the ca/server already has a copy of the client's
public key and typically also has the client's original digital
certificate (after having sent a copy of the client's digital
certificate to the client).
the ca/server would also run much more efficiently if they just used
the onfile client's public key that they already have to verify the
client's digital signature ... rather than having to go thru the
repeated extraneous gorp of verifying the (appended transmitted)
client digital certificate along with all the related digital
certificate encoding/decoding magic.
past posts in this thread:
http://www.garlic.com/~lynn/2007.html#7 SSL info
http://www.garlic.com/~lynn/2007.html#15 SSL info
http://www.garlic.com/~lynn/2007.html#17 SSL info
as mentioned before ... one of the reasons for the retrenching from
the early 90s x.509 identity digital certificates to the
relying-party-only digital certificates in the mid-90s ... was
eliminating all the extraneous personal information. It isn't so much
the publication of public key that was the issue ... it was spraying
personal information all over the place every time the digital
certificate was transmitted.
Reducing the digital certificate to public key and some sort of
(server) record locator ... is the relying-party-only digital
certificate
http://www.garlic.com/~lynn/subpubkey.html#rpo
however, it is straightforward to demonstrate that it is much more
efficient and drastically simpler for the relying party to directly
retrieve the public key from an online record, eliminating all of the
client digital certificate gorp ... i.e. certificateless public key
http://www.garlic.com/~lynn/subpubkey.html#certless
so comparing simple certificateless digital signature authentication
to password authentication
1) well implemented digital signature authentication is immune from
skimming/eavesdropping and replay attacks (impersonation)
2) typically password scenarios require a unique value for every
different security domain. the problem is that the same value is
used for both origination and verification. unique passwords
are a countermeasure for scenarios where one domain can attack
another (i.e. local garage isp and your online banking or
your place of business).
there is a huge advantage of using public keys (and digital signatures)
for authentication ... compared to pins/passwords. this is true
regardless of whether it is a certificate or certificateless paradigm.
however, sometimes there is a misconception that public keys
and digital certificates are equivalent.
digital certificates are a mechanism for trusted information
distribution for the offline environment ... somewhat the electronic
version of letters of introduction/credit from the sailing ship days
.... when two entities had no prior relations .... and the relying
party had no way of directly contacting the certifying party.
However when it becomes abundantly evident that the offline paradigm
digital certificates are redundant and superfluous in an online world
.... and/or between entities that have established relationship ...
then it doesn't have to follow that there is no advantage to having
public key infrastructure (without digital certificates).
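
The registration and certificateless sign/verify flow described in the post above, as an added Go example (not code from the post or its author): the relying party verifies against the on-file public key, no certificate is transmitted, and a captured signature cannot be replayed. The `Server` type, the function names, the `auth:` message prefix, the random challenge and the choice of Ed25519 are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Server struct { // hypothetical relying party for this example
	keys    map[string]ed25519.PublicKey // account -> on-file public key
	pending map[string][]byte            // account -> outstanding one-time challenge
}

// Registration: the client makes a key pair, the server puts the public key on file (no certificate).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func NewServer() *Server { return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}} }
func (s *Server) Register(account string, pub ed25519.PublicKey) { s.keys[account] = pub }

// Challenge issues a fresh random nonce that the client must sign.
func (s *Server) Challenge(account string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never hand out a predictable challenge
	}
	s.pending[account] = nonce
	return nonce
}

// Sign is the client side: only a signature is sent, bound to the account name.
func Sign(priv ed25519.PrivateKey, account string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte("auth:"+account+":"), nonce...))
}

// Verify uses the on-file key and consumes the challenge, so a replayed signature fails.
func (s *Server) Verify(account string, sig []byte) bool {
	pub, nonce := s.keys[account], s.pending[account]
	delete(s.pending, account)
	return pub != nil && nonce != nil && ed25519.Verify(pub, append([]byte("auth:"+account+":"), nonce...), sig)
}

func main() {
	pub, priv, err := NewKeyPair() // client-side key pair
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	srv.Register("alice", pub)
	sig := Sign(priv, "alice", srv.Challenge("alice"))
	fmt.Println("login:", srv.Verify("alice", sig), "replay:", srv.Verify("alice", sig))
}
```

The same public key can be registered with several relying parties: what each one holds verifies signatures but cannot originate them, which is the contrast with shared passwords drawn in point 2.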