Re: X.509 and ssh
- From: Anne & Lynn Wheeler <lynn@xxxxxxxxxx>
- Date: Tue, 11 Apr 2006 14:58:11 -0600
Ken Johanson wrote:
Let me write you 100 $100 checks... will you cash them all and hands me the goods based on my self-generated, unvouched public key? Really?
ref:
http://www.garlic.com/~lynn/2006f.html#29 X.509 and ssh
http://www.garlic.com/~lynn/2006f.html#31 X.509 and ssh
this was the physical world scenario from the 50s ... by the 60s you were starting to see (at least) business countermeasure to this scenario in the offline market, where business checks had a maximum value limit printed on the check (i.e. the check wasn't good if the individual wrote it for the limit).
the embezzler countermeasure was to create a 100 checks for $100 each .... in order to get the $10,000 (or 200 checks of $5000 each for $1m).
the issue was trying to limited the authority of any one individual. an individual might have a $1000 total budget ... but trying to control it .... they would provide the individual with checks, no one such check could exceed $100. The actual problem was to try and keep the individual within their budget. The problem with the offline model was that individual, single (even authenticated) transactions didn't aggregate.
This is where you got the online credit card model in the 70s. The consumer would do a transaction with the merchant ... and the merchant would forward the transaction to the responsible (certifying authority) institution for authentication and authorization. The merchant then got back a declined or approved response ... indicating the transaction had both been authenticated AND authorized (which was significantly more valuable to the merchant than just authenticated by itself).
Because of the various vulnerabilities and exploits in the offline credential/certificate model ... you saw businesses moving to online business cards sometimes in the 80s ... but definitely by the 90s. Instead of an individual being given a stack of checks, they were given a corporate payment card. The corporate payment card had online business rules associated with it for authorizing financial transactions (in addition to authentication). The trivial business rule was whether the transaction ran over the aggregated budget (i.e. the individual could do any combination of transactions they wanted ... as long as they didn't exceed some aggregated limit ... something that is impossible to do with the offline, individual operation at a time, credential/certificate paradigm).
One they got the aggregate budget/limit under control ... then they could also add other kinds of real-time transaction rules ... use only at specific categories of merchants, use only at specific set of merchants, use only for specific SKU codes, etc) ... the online paradigm not only provides the realtime aggregation function (not possible with the old-fashion, offline certificate/credential paradigm) as well as a variety of much more sophisticated rules (which can be dynamically change by time or other characteristic).
What you have is the issuing financial institution as the registration authority and certifying authority. The financial institution performs the public key registration (typically defined as RA functions in the traditional Certification Authority paradigm) and then certifies the information. However, instead of actually issuing a certificate ... the institution specifies that it is only in support of online, realtime transactions (since there are numerous kinds of threats, exploits, and vulnerabilities that have been eliminated that you typically run into when you are dealing with an offline paradigm ... like inability to handle aggregated transactions like the 100 $100 check scenario that I've repeatedly used a number of times). The individual digitally signs their individual transactions that is sent to the merchant ... as in the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959
it is not necessary to attach a digital certificate since it is required that the merchant send it off to the financial institution (certification authority) for both authentication (with the onfile public key) as well as authorization (does it meet all the business rules, including realtime business rule consideration). Since the financial institution has the onfile, registered public key for verifying the digital signature, it is redundant and superfluous to
require the attachment of any digital certificate (or at least any attach digital certicate with non-zero payload actually carrying any real information)
one of the requirements given the x9a10 working group for the x9.59 financial standard was to preserve the integrity of the financial infrastructure for all retail payments.
A recent post about various kinds of financial transaction threats if forced to fall-back to an offline, credential/certificate operation
http://www.garlic.com/~lynn/aadsm22.htm#40 FraudWatch - Chip&Pin, a new tenner (USD10)
a few misc. past posts showing crooks getting around any per check business limit by going to multiple checks (as in your 100 $100 check example) ... and the business world countering with real-time, online aggregated transaction operation (making the offline credential/certificate operation redundant and superfluous).
http://www.garlic.com/~lynn/aadsm4.htm#9 Thin PKI won - You lost
http://www.garlic.com/~lynn/aadsm5.htm#spki4 Simple PKI
http://www.garlic.com/~lynn/aadsm6.htm#pcards2 The end of P-Cards? (addenda)
http://www.garlic.com/~lynn/aadsm7.htm#auth Who or what to authenticate?
http://www.garlic.com/~lynn/aadsm9.htm#cfppki8 CFP: PKI research workshop
http://www.garlic.com/~lynn/aepay6.htm#gaopki4 GAO: Government faces obstacles in PKI security adoption
http://www.garlic.com/~lynn/aepay10.htm#37 landscape & p-cards
http://www.garlic.com/~lynn/99.html#238 Attacks on a PKI
http://www.garlic.com/~lynn/99.html#240 Attacks on a PKI
http://www.garlic.com/~lynn/aadsm10.htm#limit Q: Where should do I put a max amount in a X.509v3 certificat e?
http://www.garlic.com/~lynn/aadsm10.htm#limit2 Q: Where should do I put a max amount in a X.509v3 certificate?
http://www.garlic.com/~lynn/aadsm11.htm#39 ALARMED ... Only Mostly Dead .... RIP PKI .. addenda
http://www.garlic.com/~lynn/aadsm11.htm#40 ALARMED ... Only Mostly Dead .... RIP PKI ... part II
http://www.garlic.com/~lynn/aadsm12.htm#20 draft-ietf-pkix-warranty-ext-01
http://www.garlic.com/~lynn/aadsm12.htm#31 The Bank-model Was: Employee Certificates - Security Issues
http://www.garlic.com/~lynn/aadsm12.htm#32 Employee Certificates - Security Issues
http://www.garlic.com/~lynn/2000.html#37 "Trusted" CA - Oxymoron?
http://www.garlic.com/~lynn/2001c.html#8 Server authentication
http://www.garlic.com/~lynn/2001g.html#21 Root certificates
.
- References:
- Re: X.509 and ssh
- From: Ken Johanson
- Re: X.509 and ssh
- From: Anne & Lynn Wheeler
- Re: X.509 and ssh
- From: Ken Johanson
- Re: X.509 and ssh
- Prev by Date: Re: X.509 and ssh
- Next by Date: Re: X.509 and ssh
- Previous by thread: Re: X.509 and ssh
- Next by thread: Re: X.509 and ssh
- Index(es):
Relevant Pages
|
