Message-ID: <000901c31878$a65f6e40$0100000a@yrpxb5>
From: yossarian at planet.nl (yossarian)
Subject: PGP vs. certificate from Verisign

----- Original Message -----
From: "Shawn McMahon" <smcmahon@....com>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, May 12, 2003 1:09 AM
Subject: Re: [Full-Disclosure] PGP vs. certificate from Verisign

Yossarian wrote
>> What I wonder - will Verisign have set up CRL servers yet? Remember the
>> IE problem when someone got hold of MS certificates? The MS-fix was
>> blacklisting them locally, the real problem was that there was no
>> revocation servers. Then again, how many concurrent connections would
>> they get if MS sent out a critical update?
>
>> So - stick to PGP - forget about PKI.

Shawn wrote:
>Pardon me if a clue whizzed by while I was working, but I read this as
>"PKI doesn't have any way to guarantee ad-hoc revocation of a
>certificate, so stick to PGP, which also doesn't have any way to
>guarantee ad-hoc revocation of a certificate".

Well, other arguments have come along in this discussion, such as the
legalities, but they don't apply in all countries. In most of Europe and the
US they do, though. If you don't need revocation, a class 1 might do. It does
not really matter whether it is ad hoc; if you need a revocation, it probably
needs to be soon.

There are some other arguments - and now some people might not agree - I
think I might give just a few:

X.509 is not a single standard. v3 is the current one, but as Peter Gutmann
explains at length, there are more than a dozen official subtypes. Different
subtypes and implementations usually cannot cooperate. The v3 standard
incidentally has expired - what is next? Of course, if we all use Verisign,
their cert will be the de facto standard. Many other companies have stepped
out of PKI anyway, which makes this problem worse, in a way - there is much
less effort in the further development.

PKI gives a sense of security, but it is not (yet) adequate to lower your
defences - who do you trust? Maybe the CA has good policies, and maybe the
auditing by some accounting firm (KPMG, CGEY, etc.) is good, but all you can
do here is believe or not believe them - the reports are just paper. There
are quality standards, like ETSI 101 456 - but how clear are they? Maybe to
you - read them first and try to see their impact. Then look at the auditors
making these reports - what is the skill level and what are the commercial
interests? (KPMG has invested heavily in PKI, to become a CA.) What the MS
incident proved is that Verisign gave certs to people pretending to
represent MS. So do you trust the CA or its accountant?

And what is the impact of cross certifications - i.e. when a company buys
software from RSA it can make its own certificates, which are co-signed by
RSA. How trustworthy is this company? So, how good are these certificates?

What does a cert prove (the traditional 'which John Doe?' question) about the
'other' end of the communication?

Where and how do you store your private keys? Testing showed that they can be
found and retrieved from your hard disk, so they have to be on a smartcard at
least. Do you have one? Do the people you are communicating with have one?
The same goes for PGP - but again there is no legal risk.

The free certificates from Thawte are for building a web of trust yourself,
just like PGP. With some nasty things - the Notaries. These can 'verify' the
validity of someone's certificate. But how to become one? Pay $25 and fax or
mail copies of a passport. Well, now I wonder - how then do they check
whether these copies have not been falsified? So I guess this is not what the
Verisign PKI is all about - but something completely different.

Well, there is more, but then this will become a real lengthy argument.

yossarian