[195] in WWW Security List Archive
what are realistic threats?
daemon@ATHENA.MIT.EDU (Doug Rosenthal)
Thu Oct 6 18:12:12 1994
Date: Thu, 6 Oct 94 09:40:56 CDT
From: rosenthl@mcc.com (Doug Rosenthal)
To: polansky@chaplin.ndhm.gtegsc.com
Cc: www-security@ns1.rutgers.edu
In-Reply-To: Robert M. Polansky's message of Thu, 6 Oct 94 08:34:34 EDT <9410061234.AA10791@chaplin.ndhm.gtegsc.com>
Reply-To: rosenthl@mcc.com (Doug Rosenthal)
It is expected that key pairs will have an expiration date, but the
period between regeneration of keys might be a year or longer. The
reason is that this is different from your password which only
authenticates you to a system that can keep up with password changes.
You key pairs are used for digital signatures. If you change your key
pairs (and thus your certificate) too often (without reason),
reverification of old transactions and messages become impossible. Once
you change key pairs, all of your old signatures will become invalid
because your old keys will now be on the Key Revocation List.
This is another issue to be addressed wrt key/certificate management.
As you say, you may have old (long-lived) data with associated digital
signatures, the keys for which may have since been revoked. I suppose
you could also keep the certificate corresponding to a signature at
the time the data and signature were stored, archived, etc., along
with a timestamp. I.e., this key/certificate was valid at the time
the transaction occurred.
I think the point is that the service provider will verify the
signature on the buyers certificate and the signature on the
transaction message, but the keys used will only be checked against a
locally cached Revocation List. For a small transaction, it is not
necessary to check the keys against *the* most up to date list; a list
that is a couple hours old might be good enough. So the user is not
authenticated, but there is a chance that the keys are revoked and the
announcement just hasn't reached the provider yet.
So... the service provider has a reasonable assurance of the user's ID
due to verifying the signature on the user's certificate, it just isn't
guaranteed until he makes an on-line check.
In summary then, different types of transactions will require
different levels of trust, which will determine whether
certificates/keys are obtained/validated on-line or via a cache, the
time-to-live for cache entries, etc.
- Doug
