Public Key, No Infrastructure
PK no I
CITI
University of Michigan
Ann Arbor
Problem Statement
Access control web space
Leverage infrastructure
– Kerberos, uniqname
– Directory and authorization
KLP Didn’t Work
Browser plug-in architecture is hostile to security
Local proxy is functional but not hassle free
Face It!
Web space requires PK authentication
(None genuine without this mark)
Enter jis, stage east
MIT Kerberized PGP Signer
Nobody really used it
I’m just mentioning it for completeness
MIT Kerberized X.509 Factory
Bootstrap Kerberos
Send pass phrase over SSL (ick)
Server authenticates
Entreat browser to create key pair
Server signs pubkey, hands back to browser
Short Lifetimes
Avoid CRLs at all costs
Even at the cost of long-term signatures and encryption
Authentication only
MIT allows up to a year
Over 50,000 served! (in the first year alone)
Problems
Privkey storage
– Treat as disposable ticket
Reliance on murky browser technology
Horrible UI
Lifetime is still too long
– Compare to TGT
UMich Wrinkles
One-day lifetime
junk keys
Shun the browser way
– Kerberized application does all the work
– Part of login
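The issuance steps from the X.509 Factory slide and the lifetime trade-off from the Short Lifetimes and UMich Wrinkles slides, as an added example that is not from the original deck or from the MIT or CITI code: a throwaway OpenSSL CA signs a client-generated key with a one-day and a 365-day lifetime, and a relying party that checks only the chain and validity period (no CRL) evaluates both certificates two days later. The CA name, the user name `jdoe`, the file names and the function names are constructed, and the Kerberos authentication step is assumed to have already succeeded.

```shell
#!/bin/sh
# Added illustration; CA name, user name and file names are constructed.

# Throwaway CA standing in for the Kerberized certificate issuer.
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 730 \
        -subj "/CN=Example Junk Key CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Client side: generate a key pair and a request naming the user.
# Issuer side: sign the public key with the requested lifetime.
issue_cert() {  # $1 = dir, $2 = user name, $3 = lifetime in days
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2-$3.key" -out "$1/$2-$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-$3.csr" -days "$3" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2-$3.pem" 2>/dev/null
}

# Relying party: chain and validity-period check only, no CRL lookup.
accepted_after() {  # $1 = dir, $2 = cert basename, $3 = seconds from now
    at=$(( $(date +%s) + $3 ))
    openssl verify -CAfile "$1/ca.pem" -attime "$at" "$1/$2.pem" \
        >/dev/null 2>&1
}

# Check both lifetimes one hour and two days after issuance.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" jdoe 1 &&
        issue_cert "$d" jdoe 365 || return 1
    for c in jdoe-1 jdoe-365; do
        for off in 3600 172800; do
            if accepted_after "$d" "$c" "$off"; then r=accepted
            else r=rejected; fi
            echo "$c at now+${off}s: $r"
        done
    done
    rm -rf "$d"
}

demo
```

Two days after issuance the one-day certificate is rejected on its validity period alone, while the 365-day certificate is still accepted and could only be withdrawn by a revocation mechanism.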
Problems
Privkey storage
– Where does this go?
IE: CAPI
No solution in hand for Netscape
– Unstable API
– They seem to like it that way
– PKCS#11 looks viable
More Problems
Login interface
– CAEN GINA
MacOS
– No CAPI
– Netscape is just confused
– MIT issuer works
What’s Next
Document
Roll out
So What?
We still don’t know how to access control web space
NT and Lotus/Domino use PK authentication to “log you in”
– Wrong answer
Does anyone know how Apache does it?
Any questions?
http://www.citi.umich.edu/