NESSETT@CCC.NMFECC.GOV (12/21/89)
There was one item raised in the recent discussion of certificates that I feel requires further comment. At least two correspondents pointed out that a recent paper in the Symposium on Operating System Principles notes a vulnerability in X.509. Not having received the proceedings of that symposium as yet, I asked people who are members of the privacy and security research group if they had seen the paper. The chairman of that group, Steve Kent of BBN, sent me the following reply.

---------------------------forwarded message-----------------------------
> Dan,
> The paper in SOSP notes a vulnerability in the 509 authentication
> protocol, which has nothing to do with our use of certificates in mail
> or with certificates in general. It is a typical oversight in the
> protocol design for the three-way handshake and the paper even proposes
> a fix. So, I don't see this criticism of 509 being a significant issue,
> just a condemnation of the sloppiness of the standards process.
> Steve
---------------------------end of forwarded message----------------------

Dan Nessett
csi@otter.hpl.hp.com (Colin I'Anson) (01/02/90)
There are a number of serious errors in X.509 which have already been reported to the CCITT defect editors. Although I don't know how they have been resolved, a list of the defects known to me might be of use to others(!)

1. The use of the mod square hash and RSA is not secure
2. The third part of 3 way authentication does not provide the purported service
3. The token structure, where encrypted data is signed, can be attacked and ownership of the data changed
4. Incorrect conditions for the constraints on the use of RSA
5. Over-restrictive definition of digital signatures

Items 1-3 are serious, 4 and 5 minor. (5 might be considered to be an enhancement.)

If you would like more details please e-mail me - if there is a large response, I will probably post a general answer ...

Colin I'Anson
... and you can't prove I worked on X.509