antony@george.lbl.gov (Antony A. Courtney) (06/20/91)
My question is really pretty simple: In Sun's Secure RPC, how does the system guarantee that the public keys dsitributed in the Yellow Pages database publickey.byname are not forged? Basically, how has Sun solved the problem of key distribution with their public key system? From Sun's Security Features Guide, Chapter 6, "Secure Networking": DES Authentication The security of DES authentication is based on a sender's ability to encrypt the current time, which the receiver can then decrypt and check against its own clock. The timestamp is encrypted with DES. Two things are necessary for this to work: 1) the two agents must agree on what the current time is, and 2) the sender and receiver must be using the same encryption key. ...[ how time is synchronized]... Here's how the client and server arrive at the same encryption key. When a client wishes to talk to a server, it generates a random key for encrypting the time stamps (among other things). This key is known as the Conversation Key, CK. The client encrypts the Conversation Key using a public key scheme, and sends it to the server in its first transaction. This key is the only thing that is ever encrypted with public key cryptography. ... To my interpretation of the rest of the documentation, the public key used for this first transaction is retrieved from the YP database publickey.byname. Now, what is to stop a potential intruder from impersonating the YP server when the client queries the YP server? If you prefer a scenario: machine A wants to get a secure channel to B. intruder is on machine C. YP server is on machine S. C keeps a copy of the public keys for lots of the local machines, including A and B. A sends an unencrypted request for B's public key to S. C sees A's request and grabs it and C crashes S somehow. C responds to A impersonating S, but instead of giving A B's public key, it gives A C's public key, PKC. A encrypts CK with PKC and sends it off to B. C grabs it, decypts it, re-encrypts it with the REAL PKB and sends it to B. C now knows the Conversation Key, CK, and can decrypt any communications between A and B. This isn't a new problem, I just want to know how Sun has solved it. antony -- ******************************************************************************* Antony A. Courtney antony@george.lbl.gov Advanced Development Group ucbvax!csam.lbl.gov!antony Lawrence Berkeley Laboratory (415) 486-6692