Getting certificates.
-- SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates. Outlook and outlook express support digital signing and encryption -- but one must first get a certificate. So I go to Thawte to get my free certificate, and find that Thawte is making an alarmingly great effort to link certificates with true name information, and with the beast number that your government has assigned to you, which imposes large costs both on Thawte, and on the person seeking the certificate, and also has the highly undesirable effect that using these certificates causes major loss of privacy, by enabling true name and beast number contact tracing of people using encryption. Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy. Is there any web page set up to automatically issue such certificates? The certs that IE and outlook express accept oddly do not seem to have any provision for defining what the certificate certifies. This seems a curious and drastic omission from a certificate format. Since there is no provision to define what a certificate certifies, one could argue that any certification authority that certifies anything other than a true name connected to a state issued id number, the number of the beast, is guilty of fraud. This would seem to disturbingly limit the usefulness and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 7rl5qfyPL81rhIdYUGyx/+C8WqCcrYTgFcl1rLUX 4F/YurXISWTFVDuUgRsBx/0QJKrnyQcX24+wmb5i3
Outlook and outlook express support digital signing and encryption -- but one must first get a certificate.
Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy. then generate one. it won't be accepted as legitimate by the majority of clients though - you would have to get each one to approve you manually (like you would with a pgp key, but without the WoT to help you) keys can be generated using OpenSSL, or if you aren't a fan of command line tools, EBCrypt can generate them from VB; there is a mini-ca script here: http://groups.yahoo.com/group/WSH-CA/files/Current/ if you want to play with it :)
On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote:
-- SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates.
..which means that it still requires an OOB authentication. (or blinding typing 'yes' and ignoring the consequences). But that's another subject.
Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy.
Verisign had for a number of years an email-only cert. That is, they verified that the email address had someone or something that answered email. I beleive that they called this a 'Class 1' cert.
The certs that IE and outlook express accept oddly do not seem to have any provision for defining what the certificate certifies.
This seems a curious and drastic omission from a certificate format.
X.509, PKIX et.al. allow a CA to insert a pointer to a certificate practice statement, which can define what the certificate certifies.
and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates.
Thwate's making free certs difficult has nothing to do with the usefulness of certs or X.509 or true names or whatever, and everything to do with maximizing profit. Since each cert carries a fixed risk of legal issues (i.e being sued because they certified X who wasn't X) Verisign/Thwate want to sell a comparatively few expensive certs instead of a lot of cheap certs. Eric
-- James A. Donald wrote:
SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates.
On 4 Sep 2003 at 7:56, Eric Murray wrote:
..which means that it still requires an OOB authentication. (or blinding typing 'yes' and ignoring the consequences). But that's another subject.
Not true. Think about what would happen if you tried a man in the middle attack on an SSH server. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 7gudzWOPw/HkajoOG7yWwmYaxnKW/46q33B4RUjZ 4usr8rXpuPWxtPIYUZL34w+oimAMMBUkruTg8Ipgn
On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote:
On 4 Sep 2003 at 7:56, Eric Murray wrote:
..which means that it [ssh-- ericm] still requires an OOB authentication. (or blinding typing 'yes' and ignoring the consequences). But that's another subject.
Not true. Think about what would happen if you tried a man in the middle attack on an SSH server.
you'd get the victim's session: http://www.monkey.org/%7Edugsong/dsniff/ Abstract dsniff is a collection of tools for network auditing and penetration [..] sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. also see http://sysadmin.oreilly.com/news/silverman_1200.html for discussion.
participants (3)
-
Dave Howe -
Eric Murray -
James A. Donald