[15809] in cryptography@c2.net mail archive


Re: dual-use digital signature vulnerability
astiglic@okiok.com

daemon@ATHENA.MIT.EDU (Sean W. Smith)
Wed Jul 21 14:18:12 2004

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20040719154006.2B86FB4073@mail.okiok.com>
Cc: Anton Stiglic <astiglic@okiok.com>
From: "Sean W. Smith" <sws@cs.dartmouth.edu>
Date: Wed, 21 Jul 2004 11:52:37 -0400
To: "<cryptography@metzdowd.com> <cryptography@metzdowd.com>" <cryptography@metzdowd.com>


On Jul 19, 2004, at 11:40 AM, Anton Stiglic wrote:

> The X.509 PoP (proof-of-possession) doesn't help things out, since a public
> key certificate is given to a user by the CA only after the user has
> demonstrated to the CA possession of the corresponding private key by
> signing a challenge.  I suspect most implementations use a random
> challenge.

I would have thought that de facto standard approach is: the client 
constructs the certificate request message, which contains things like 
the public key and identifying info, and signs it.  The CA then checks 
the signature against the public key in the message.

Quickly checking with our deployment folks...this is how it works in the 
standard browser/OS suites, with the iPlanet Certificate Management 
System at the CA.  (We combine CA and RA here.)

It would be interesting to see if there's support software out there 
that does something as naive as signing a random challenge.  I really 
suspect this is a strawman...

(Darn it, this is creating the need for some real data: how many X.509 
certs are in use today, how many of these are on standard user 
platforms, what are the keys used for, and how was PoP handled?)

--Sean


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
