Vulnerability Development mailing list archives
Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI
From: Alvin Foo <alvin.f () PACIFIC NET SG>
Date: Thu, 24 Aug 2000 11:03:24 +0800

Yes, I would agree that PKI is not the solution to all security problems. What is needed is to extend that "trust" being built into a PKI infrastructure and deploy it out to the end users, or citizens in your case. What I am saying is that a PKI without any application is a white elephant. Applications need a trust model that can be extended to the end users at the point of purchase/confirmation or whatever is needed to close the deal.

To achieve this, the end users need some token that is able to extend the "trust" of the PKI; the token would of course have to be able to withstand attackers, covert or otherwise, to maintain that trust. This token is usually a smart chip; it need not necessarily be of a smart card nature, as there are smart chips attached to USB connectors and such. Other tokens like secure ID are fine but bulky, and there is the problem of time synchronisation.

Of course, issuing the tokens is no small challenge, but it can easily be taken on by a country such as Brazil, through an existing Identity Card infrastructure or driving license etc. But before these two can be addressed, one matter that also requires close attention is the readers of the tokens. There are few if any countries that have a wide deployment of token readers that would enable a successful launch of applications.

There are other matters of consideration but I guess this would not be a forum for it. You have an interesting and challenging task ahead of you, good luck and success to your project.

cheers
Alvin

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Dener Martins
Sent: 23 August 2000 20:56
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI

oops, sorry. I missed the first messages of this thread. Nevertheless, there is something that I should have said before.

Other private CAs are beginning to operate in Brazil. Since the government is still a good client, and a big market itself, those CAs will follow the same procedures established by the federal government, in order to be certified by public authorities as being "trustworthy".

This whole story also has a bigger goal, Mercosul. Mercosul is the open trade agreement between Brazil, Argentina, Uruguay, among other countries. These first laws about certificates are being developed to create conditions for E-commerce in South America, i.e., trading between private companies (B2B).

As Bruce Schneier said before, PKI isn't a solution for all security problems. Probably, other mechanisms will have to be created, so national and international B2B can happen in a safer way.

Regards,
D.

--
---------------------
Dener Martins <dener.martins () serpro gov br>
F: (61) 411-8262

Current thread:
- Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Eric Knight (Aug 15)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Pluto (Aug 17)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Eric Knight (Aug 18)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Dener Martins (Aug 22)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Timothy J. Miller (Aug 23)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Dener Martins (Aug 23)
- Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI Alvin Foo (Aug 24)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Pluto (Aug 29)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Christoph Puppe (Aug 25)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Timothy J. Miller (Aug 25)
- Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI Lincoln Yeoh (Aug 26)