What is the significance of this? It seems I can get a certificate for two public keys (chosen, not given) while only proving posession of the first. Is there anything else? In what sense is the second public key useful to the attacker?
the purpose of a certificate is analogous to the old letters of credit in the sailing ship days .... it supposedly establishes the bonifides of the individual in an offline, non-connected world where the relying party has no other recourse regarding trust/integrity of the individual that they are dealing with.
in the PKI/certificate world ... the relying party receives some sort of digitally encrypted/signed information and validates it using the public key presented in the attached certificate. a correctly validation then implies some kind of 3-factor authentication (although the PKI/certificate paradigm tends to totally gloss over this characteristic, instead attempting to focus the communities attention on the value of the certification as opposed to focusing the attention on any possibility/value/trust that some part of 3-factor authentication might have occured).
In any case, if the public key (from some source, possibly a certificate) is able to validate the transmission, then the relying party assumes that some portion of 3-factor authentication occured in the access and use of the corresponding private key ... possibly
* something you have (private key exclusively in a hardware token) * something you know (hardware token won't work appropriately w/o PIN) * something you are (hardware token requires some biometric)
in any case, given that the relying party accepts the validation by the public key as representing some implied 3-factor authentication involved in access and use of the corresponding private key ... then the relying party may be faced with just who the implied authentication corresponds to. In the typical, long time accepted business process ... the relying party will have prior relationship with the entity being authenticated and it will be explicit and/or implicit in the communication itself. In the more modern world, in the situations where the relying party has no prior relationship with the authenticated entity ... they will have access to online and/or real-time information to establish that fact.
However, certificates were targeted at the offline email world ... where the email was created, digitally signed (presumably after some form of 3-factor authentication occuring to establish access/use of the private key), and the email, digital signature, and certificate packaged up and sent off to some party that there had been no previous communciation (might be considered spam in this day and age). After some number of intermediary store-and-forwards stops, the package arrives at the post office of the relying party. the relying party eventually calls their post office, exchanges emails and hangs up.
At this point the relying party is presented with a digital signed message with whom that they had no prior communciation. The attached certificate provides the public key for validating the digital signature and the rest of the certificate contents is supposedly to attest to some characteristic of the email sending party (that the relying party has no other way of validating).
The implication is that if i can substitute a public key in some certificate that attests to represent some other party .... then it may be some form of identity theft (fraudulent messages can be created that otherwise appear to have originated from you ... and validate with the substituted public key). The other might be elevation of privileges .... adding characteristics to a certificate that were otherwise not provided.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
