Re: Netscape Changes RSA tree

• To: Jason Dawes <dawes@dstc.qut.edu.au>
• Subject: Re: Netscape Changes RSA tree
• From: Drexel Atkinson <datkins@unm.edu>
• Date: Mon, 24 Apr 1995 16:29:24 -0600 (MDT)
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199504240011.KAA00594@tornado.dstc.qut.edu.au>

On Mon, 24 Apr 1995, Jason Dawes wrote:

> > 
> > Hierarchical certification is often not appropriate.
> > Generality is good, and it's not much harder than hierarchy,
> > and it's a much better thing to build into a tool that will
> > be widely used.
> 
> The PGP model makes it very difficult to verify the certifiers of someones
> signature in a reliable way. With no hierarchy implicit, there is no easy
> way of finding a common point of trust (In a hierarchtical model, possibly:
> a Notary Public) without some sort of exhaustive search.
> 
> Yes, that may be their public key, but can you prove it?
> 

The last usenix has an mit presentation on a client/server model called 
the pgp signer.  Good article in the notes(but apparently not on line 
yet).  

They built a server which happens to be a kerberos principal(or kerberos
authentication service) and then distributed the signer client which appears
to pgp as another user with a public key.  After being invoked, the client 
sends the user's public key and name as a kerberos transaction to the signer 
server.  The server verifies the public key/kerberos name, and if "congruent" 
it signs the pgp public key and name using its private key and returns it to 
the client.  This takes care of the problem of authenticating a digital
signature which pgp may present.

drex


 
   
    

• Re: Netscape Changes RSA tree
• From: marcvh@spry.com

• Re: Netscape Changes RSA tree
• From: Jason Dawes <dawes@dstc.qut.edu.au>

• Previous: Re: Netscape Changes RSA tree
• Next: Re: Netscape Changes RSA tree
• Index(es):
  • Index
  • Thread