Vulnerability Development mailing list archives
Re: Non-Mathematical Forging of PKI Digital Certificates / Throwing Rocks at the PKI
From: Chris Tobkin <tobkin () INTERSEC COM>
Date: Wed, 16 Aug 2000 16:04:04 -0500
Eric, when I started reading this I thought it was going to be a high-level examination of problems inherent in PKI. However, the way it is written, it looks like you just tossed up a few problems with two key vendors.

Truth be told, many of the legally binding and enforceable PKI solutions used for non-repudiation and proof of identity will have a governmental root server (which may trust other govt. root servers) and dole out authority to key vendors. Here in Minnesota (I believe, from my discussion with the Secretary of State; no, I haven't read the law word for word), the only way the Digital Certificate is legally binding is if it is signed with the State in the chain. To get one of these certificates, you must meet a Notary Public in person with two valid forms of photo identification, and they will issue you a digital ID for a fee. This in-person verification is necessary and will always be around to get the signed digital ID. It really won't matter if people can brute-force and revoke your key, so that part can be online, but it'll just be annoying (inconvenient) to have to get a new one.

With that in mind, most of your problems seem to vaporize. IOW, most of the legally binding ones will be less convenient than the more casual system in place today. Great things are on the way!

// Chris
tobkin () intersec com
Current thread:
- Re: Non-Mathematical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Chris Tobkin (Aug 17)
- <Possible follow-ups>
- Re: Non-Mathematical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Everhart, Glenn (FUSA) (Aug 18)