[855] in Kerberos
RE: X.509 vulnerabilities
daemon@ATHENA.MIT.EDU (Denis.Russell%newcastle.ac.uk@NSFNET-RELAY.AC.UK)
Thu Dec 21 05:19:40 1989
From: Denis.Russell%newcastle.ac.uk@NSFNET-RELAY.AC.UK
To: Kerberos@ATHENA.MIT.EDU
In-Reply-To: <891220082740.22200126@CCC.NMFECC.GOV>
With reference to:
> ...
> At least two correspondents pointed out that a recent
> paper in the Symposium on Operating System Principles notes a vulnerability in
> X.509. Not having received the proceedings of that symposium as yet, I asked
> people who are members of the privacy and security research group if they had
> seen the paper....
The paper hasn't made it to our library yet either, but I
presume (?) that it refers to the work of Burrows, Abadi, and
Needham. This can be found in DEC's Systems Research Center
Technical Report 39 "A Logic of Authentication", Feb 28, 1989.
In this report they analyze several protocols and do indeed
point out a problem in X.509 (p 36) and suggest a solution (p
40). The problems are in the same sort of category as the hole
in the original Needhan-Schroeder protocol as pointed out by
Denning and Sacco, and are to do with the problems
(impossibility?) of assuring that the {\it protocols} do not
contain logical holes unless a formal method of reasoning about
the protocols is used. They provide such a formal method, and
the exercise with X.509 is one demonstration of its utility.
