Are you usefully certifiable?
By Scott Bradner
Network World, 08/16/99
Public-key infrastructure (PKI) and digital signatures are all
the rage these days, with cover stories in a number of trade
magazines and even a front page story in the Boston Globe the
other day. But despite all the hype, it is far from clear what I
can do with your digital signature if you send it to me.
A bit of background first. Public key cryptography refers to
technology in which a user has a pair of cryptographic keys: one
that is kept secret and is referred to as the private key, and an
associated key that can be public. Any data encrypted in either
one can only be decrypted by the other of the pair. If I want to
send you a secret message, I would encrypt it in your public key
before sending it to you, knowing that your private key is
required to decrypt the message.
One more bit of background: A digital signature is created by
running a chunk of data (such as a file) through a mathematical
algorithm to get a large numerical value that is unique to the
original data. The value is then encrypted (referred to as
"signed") in the private key of the sender.
The signature is then sent along with the original data. The
receiver decrypts the digital signature using the public key of
the sender and the resulting value is compared to the result of
the receiver running the data through the same algorithm that the
sender used. If the values match, then all is OK with this
message. (It could contain garbage but it's the same garbage that
was sent.)
I need a reliable way to get your public key for either of the
above functions, and that is where PKI comes in. A PKI is a set
of servers, known as certificate authorities, from which I can
get a copy of your public key with a digital signature, encrypted
in the private key of the certificate authority for verification.
This is called a certificate.
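As an added illustration (not code from the column), the sign-then-verify flow of the previous paragraphs and the certificate check just described, written in Python with a textbook RSA toy: the small primes, the subject name and the "|"-separated certificate body are all constructed assumptions, so this demonstrates the mechanics only and is not usable as real cryptography.

```python
import hashlib

# Constructed toy RSA parameters (tiny primes, illustration only;
# real keys are thousands of bits).  p, q, e are assumptions.
def make_keypair(p=1_000_003, q=1_000_033, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent (needs Python 3.8+)
    return (n, e), (n, d)          # (public key, private key)

def digest(data: bytes, n: int) -> int:
    # The "large numerical value" derived from the data, reduced into the
    # key's range because the toy modulus is far smaller than SHA-256.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(data, n), d, n)        # "encrypt" digest with private key

def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)   # recover and compare

# A certificate: the CA signs the binding (subject name, subject public key).
def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"subject": subject, "pub": subject_pub, "sig": sign(body, ca_priv)}

def public_key_from_certificate(cert: dict, ca_pub):
    # Hand back the subject's public key only if the CA's signature checks.
    body = f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return cert["pub"] if verify(body, cert["sig"], ca_pub) else None

def demo() -> dict:
    ca_pub, ca_priv = make_keypair()
    you_pub, you_priv = make_keypair(p=1_000_037, q=1_000_039)
    cert = issue_certificate("you@example.test", you_pub, ca_priv)
    pub = public_key_from_certificate(cert, ca_pub)     # relying party's step
    msg = b"the quarterly numbers"                      # constructed message
    sig = sign(msg, you_priv)
    forged = {**cert, "subject": "ceo@example.test"}    # re-labelled cert
    return {
        "valid": verify(msg, sig, pub),                 # True
        "tampered": verify(msg + b" (edited)", sig, pub),   # False
        "forged_cert_rejected": public_key_from_certificate(forged, ca_pub) is None,
    }
```

The relying party never trusts the public key inside the certificate until the CA's signature over the name-to-key binding has been checked; the forged-certificate case shows why that step is not optional.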
One thing that seems to be all too commonly overlooked is that
it's not enough to know that a particular certificate authority
signed your certificate. I also need to know what processes that
certificate authority uses in its operations, and in particular
how it found out who you are before it gave you a certificate, in
order to know if I can trust the certificate authority and its
certificates.
The description of these processes can be very complicated
indeed. RFC 2527 (www.ietf.org/rfc/rfc2527.txt) takes 45 pages
and lists 178 things to include in a good description of how a
certificate authority operates.
Restricting a PKI to use within a single organization can
sidestep most of the potential difficulties with PKIs. But anyone
thinking that a global PKI will soon facilitate electronic
commerce should read RFC 2527 and weep.
Disclaimer: Sometimes there is weeping when exams are returned at
Harvard, but the above lament is my own.