[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Encryption keys in Transaction PKI
|
From: http://lists.oasis-open.org/archives/pki-guidelines/200509/msg00000.html I extract the following:
"I foresee a capability in HTML-forms
or XMLForms that will allow application developers to embed the required
encryption keys in the form (or more likely reference them within a publicly
accessible LDAP server so they can be pulled down as the form is displayed on
the user's screen), along with the policy guidelines (must be 3DES-CBC-SHA-256,
etc.) as declarations in the form."
Since the whole reason for the end-to-end
encryption requirement was that the server could not be trusted, I
believe that a model where the very same server supplies or suggests encryption
keys, is by definition "broken" security wise.
In addition, I wonder how the actual
recipient is supposed to be assigned and how this is to be mapped to an
encryption key. We may indeed end-up having to rely on S/MIME
certificates and e-mail addresses, further adding to my belief that this is
really nothing but "Secure e-mail, V2".
A recent high-profile BioPharma PKI initiative using Web Sign:
http://www.arcot.com/docs/SAFE_TPOC_FS.pdf shows a carbon copy of what I have
suggested as a suitable scheme for Transaction PKI.
Message encryption OTOH, kills interactivity as you cannot
have a conversation with a server if you can't talk with it. If
somebody else can, would you please be so kind explain how. Presenting an
empty form (which is doable), is at least not my definition of an interactive
(=web) service.
The most fundamental question still remains: Why would an
IT-department setup a web server that is not to be trusted by its
users?
Anders Rundgren
Principal Engineer
RSA Security
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]