Re: New Method for Authenticated Public Key Exchange without Digital Certificates

From: lyal (lyalc_at_no.spam.no.ozemail.com.au)
Date: 08/10/04


Date: Tue, 10 Aug 2004 18:21:20 +1000


"Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote in message
news:cf7ip9$dko$00$6@news.t-online.com...
>
>
> lyal wrote:
> > "Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote:
>
> [snip]
>
[snip]
> Fine. What would then 'two machines trust each other' above
> signify for me at all? Wouldn't the above imply that one needs
> digital certificates (or their equivalents) at that lower
> protocol level of internet communications?

Isn't the real question - which 2 machines are trusting each other?
General purpose workstations have such poor control over CA certificates
(they basically verify to "one of any available root cert") that MITM is
easily achieved.
Smartcards and similar tokens can help - but no-one has found a way to
justify the cost of ownership - the current level of problems always costs
much less than the cost of migrating to smartcards, unless other commercial
strategies apply.

>
> >>If one has registration, that would nowadays be done electronically
> >>somehow, wouldn't it? In that case digital signature would be
> >
> > Possibly, but in practice, rarely where there is substantive risk to the
> > entity making payment. Credit cards are not even relevant here, since the
> > merchant has contractually taken almost all risk - that's a part of the card
> > scheme rules.
>
> We always desire something better, if practically feasible,
> don't we? If there are means to eliminate some risks, for
> whichever party of the transactions, why should we ignore them
> from the very beginning?

Apply that model to crossing the road, or locking up one's residence when
departing for the day, and tell us how the economics work out.

>
> >>involved somewhere, I suppose. Anyway, as I said previously, I
> >>don't see how one could establish trust online with a party that
> >>one hasn't at least done some business before. (And that is a
> >>very common case in e-commerce nowadays in my view.)
> >
> > True - and it punches a big hole in the concept of doing business with whom
> > there has been no prior communication, the nearest thing to a reason in
> > favour of PKI in the first place.
>
> I understand that you are here also in favour of digital signatures
> and CAs. Am I right?

Sorry, wrong assumption - try again (hint - there is only one other
option).

> >>I don't see how ids and passwords could work in case I want to
> >>have a non-trivial contract with a firm by means of electronic
> >>communications alone without digital signatures being involved
> >>at some point. (Do we have to exchange these ids and passwords
> >>e.g. via registered (normal) mails before any electronic
> >>communications?)
> >
> > See above - out of band communications, such as mail, phone and fax (and
> > scarily, unprotected email) are all used today, with little relative volume
> > of problems.
>
> There were times where e-mails were clean but now one finds
> everywhere spams. Things can evolve quite a bit apparently.
> Of course, if the value of a transaction is fairly small,
> one needs little or no security protection. But we should
> also take care of cases that involve substantial monetary
> (and/or other) values and, in the general spirit of this
> group, consider opponents that eventually have substantial
> resources at their disposal, don't we?

If there is substantial value involved, wouldn't an out of band process
reduce risk more than merely knowing an entity was able to pay for a digital
cert containing a number of assertions which the CA usually can't strongly
verify?
SSL certificates are a common example - a couple of faxes on company
letterhead, and a follow up phone call will result in a VeriSign cert being
issued in the name of almost any web site to the requester, regardless of
the true web site owner's wishes.
Having done the process multiple times (legitimately), that's all the process
breaks down to - I have not done this illegitimately, for obvious reasons.

The entire process and certificate lifecycle must be trusted, by everyone,
for PKI to produce the mythical trust it is supposed to have.
Trust between 2 parties is a lot easier than instant mutual trust between
several million individuals and several thousands of companies and
government agencies.

The PKI process and the underlying concepts are flawed - so let's not waste
real-world time on trying to build workable X.509-based ones - the term is
an oxymoron.

Lyal

>
> M. K. Shen
>


