To: | cq-contest@contesting.com |
---|---|
Subject: | [CQ-Contest] LotW and trust models |
From: | Lyndon Nerenberg <lyndon@orthanc.ca> |
Date: | Tue, 30 Sep 2003 17:39:22 -0600 |
List-post: | <mailto:cq-contest@contesting.com> |
It's obvious from most of the comments here that people don't understand
trust models and how they relate to security systems. What follows in a
slightly annotated excerpt from an off-list reply I made that might shed
some light on why things are the way they are. Note that the off-list
reply was PGP signed. This message is not, because the mailing list
software that manages the list rejects messages that use the new
application/pgp-signature MIME type. --- Forwarded extract follows --- The trust model needed to ensure the integrity of the credentials requires that you trust all intermediaries to a minimum level that is appropriate to the service you are authenticating. This includes, e.g., the transport mechanism used to deliver the request. In this context, the post office is rated sufficiently trustworthy, while unsigned (in the cryptographic sense) email is not. This is a hard problem to solve. In my previous job I helped design a system for the electronic delivery and payment of bills via electronic mail. The hardest part of the design was being able to make the guarantee, to a level acceptable by the courts, that the entity sending the bill was who they claimed to be, and that the recipient was who they claimed to be. The latter was equally as important as the former, being necessary to allow the billing intermediary to prove to the court that the recipient did in fact receive the bill. The solution was not a technical one, but instead required us to provide policy mechanisms that would allow all parties in the transaction to prove to each other, through means other than the billing/payment system itself, that they were who they claimed to be. This out-of-band initial identification isn't there to make life difficult for everyone: it is required by the mathematics of public key signature systems. An example ... this message is PGP signed. What does that tell you? It tells you that someone with access to the private key of the PGP certificate that signed this message, signed this message. It in no way confirms that the person who signed the message is in fact the person named in the From header of the message. For you to truly believe that the message was signed by me, you need to confirm that the PGP certificate used to sign this messages does belong to me in fact. You can't do that by email, because you don't know who is really sending (and signing) these email messages. You have to verify my PGP certificate by some other means. If you were confidant that you could recognize my voice over the telephone, and had first-hand knowledge of my telephone number, you could call me up and ask for my PGP fingerprint. After I gave that to you, you would compare it with the fingerprint of the certificate that signed this message. If they matched, then, and ONLY then, could you state with certainty that it was in fact me who sent the message. (Technically, it asserts that the signer held the certificate's private key. Presumably I'm not going to hand that out, since that would let the holder forge my identity.) What the ARRL is doing is no different. They're just doing the out-of-band identity verification using a set of tools that are easily available to them (and to the end-users of the system). --- End of forwarded extract --- --lyndon --------------------------------------------------------------- The world's top contesters battle it out in Finland! THE OFFICIAL FILM of WRTC 2002 now on professional DVD and VHS! http://home1.pacific.net.sg/~jamesb/ --------------------------------------------------------------- _______________________________________________ CQ-Contest mailing list CQ-Contest@contesting.com http://lists.contesting.com/mailman/listinfo/cq-contest |
<Prev in Thread] | Current Thread | [Next in Thread> |
---|---|---|
|
Previous by Date: | [CQ-Contest] GoTW, Rich Gelber, K2WR |
---|---|
Next by Date: | [CQ-Contest] Re: High Rate Audio Clips, Dan Levin |
Previous by Thread: | [CQ-Contest] GoTW, Rich Gelber, K2WR |
Next by Thread: | Re: [CQ-Contest] LotW and trust models, Blake M. Meinecke |
Indexes: | [Date] [Thread] [Top] [All Lists] |