On Fri, 25 Oct 2002 13:17:29 +1200, Franck Martin said:

> Note that you can set your Exchange server to convert S/MIME messages
> automatically... On my Exchange 5.5 in the Internet connector there is an

This is, of course, assuming you are willing or able to use an Exchange server.
Not all the world uses the same proprietary package (which happens to be what
originally STARTED this thread).

> We are in chicken-egg situation, that will be solved with a global PKI (my
> opinion)...

You might want to stop, take a deep breath, and ask yourself exactly what
problems a "global PKI" will solve (you might want to go read the chapter
on PKI in Schneier's "Secrets and Lies" if you haven't already).  Now let's see:

If it's within my organization, a cert signed by my local CA is fine.  I trust
the guys upstairs from me to sign my organization's users' certs more than
I trust some top-level CA to sign a certificate-signing-cert for some group
I've never heard of.

If it's an organization that we've got ongoing business with, it's easy enough
to exchange certs and cross-sign them (a la PGP).

Now we get to the hard case - initiating contact with a group I've never
been in contact with before.  Now, if all you care about is establishing
an encrypted tunnel, a self-signed cert works *just fine*.  So there's
only two cases to worry about here:

1) A PKI *does* allow you to (somewhat) verify that the server at the other
end is who it claims to be, and that you haven't been redirected by nefarious
means (DNS cache poisoning, domain hijacking, etc) and that the server you
are talking to really *IS* the www.example.com that you wanted.  Note that
the most popular application that uses SSL is IE, and that (A) IE is well-known
for a lot of ways to hijack things (and that if you've been redirected via
JavaScript XSS, and you THINK you're talking to foo1.com, but really talking to
foo2.com, then a cert for foo2.com will show "no problems" unless you actually
click on the "check cert details" button and see it's issued to foo2.com).
(B) few users seem to actually care.

2) Even if you've successfully connected to www.joes-junkyard-parts.com, and
the certificate checks out, and all that, it tells you *NOTHING* about their
business other than the fact that they qualified for a cert from some CA.
It doesn't tell you if they're just in it for the credit card fraud, or if
they will actually ship the parts, or whether they are in the habit of leaving
all the credit cards out for anonymous FTP....

I suspect that the *real* reason there's no PKI yet is because there's no
really motivating reason to have anything other than a cert for the company
webserver (in most cases).  And I suspect that this is unlikely to change
until the legal climate regarding digital signatures has changed a lot.
Not only does there need to be some legislation about it, but *also* some
case law testing what the legislation does and doesn't mean - the biggest
challenge will be defining the liability of a company if a private key is
hacked/stolen and used to sign things without permission.  As Schneier
points out, the fact that it's signed *ONLY* proves that the data and the
private key were at the same place at the same time, and says nothing about
whether it's an *authorized* signature....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
