Public Key, No Infrastructure

PK no I
CITI
University of Michigan
Ann Arbor

Problem Statement
• Access control web space
• Leverage infrastructure
– Kerberos, uniqname
– Directory and authorization

KLP Didn’t Work
• Browser plug-in architecture is hostile to security
• Local proxy is functional but not hassle free

Face It!
• Web space requires PK authentication
• (None genuine without this mark)
• Enter jis, stage east

MIT Kerberized PGP Signer
• Nobody really used it
• I’m just mentioning it for completeness

MIT Kerberized X.509 Factory
• Bootstrap Kerberos
• Send pass phrase over SSL (ick)
• Server authenticates
• Entreat browser to create key pair
• Server signs pubkey, hands back to browser

Short Lifetimes
• Avoid CRLs at all costs
• Even at the cost of long-term signatures and encryption
• Authentication only
• MIT allows up to a year
• Over 50,000 served! (in the first year alone)

Problems
• Privkey storage
– Treat as disposable ticket
• Reliance on murky browser technology
• Horrible UI
• Lifetime is still too long
– Compare to TGT

UMich Wrinkles
• One-day lifetime
• junk keys
• Shun the browser way
– Kerberized application does all the work
– Part of login
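
Added illustration, not part of the original slides: the short-lifetime scheme from the "MIT Kerberized X.509 Factory", "Short Lifetimes" and "UMich Wrinkles" slides, sketched with the openssl CLI. The demo CA, the user name jdoe and the file layout are constructed, and the Kerberos authentication that gates issuance is not shown.

```shell
#!/usr/bin/env bash
# Added illustration; the demo CA, user "jdoe" and file names are constructed.

issue_short_lived() {   # $1 = work dir, $2 = user name, $3 = lifetime in days
  # Stand-in issuing CA (the "factory"): key plus self-signed certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Issuing CA" \
    -days 30 -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
  # Junk key: a fresh key pair per login, discarded like a ticket.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  # The CA signs the public key; the lifetime is the only revocation control.
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$3" -out "$1/$2.pem" 2>/dev/null || return 1
}

accept_cert() {         # $1 = work dir, $2 = user name
  # Relying party: chain and validity dates only, no CRL is consulted.
  openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

expires_within() {      # $1 = work dir, $2 = user name, $3 = seconds
  # -checkend exits 0 while the certificate is still valid $3 seconds from now.
  ! openssl x509 -in "$1/$2.pem" -noout -checkend "$3" >/dev/null 2>&1
}

demo=$(mktemp -d)
issue_short_lived "$demo" jdoe 1 && accept_cert "$demo" jdoe && echo "jdoe: accepted today"
expires_within "$demo" jdoe 172800 && echo "jdoe: dead within two days, nothing to revoke"
rm -rf "$demo"
```
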

Problems
• Privkey storage
– Where does this go?
• IE: CAPI
• No solution in hand for Netscape
– Unstable API
– They seem to like it that way
– PKCS#11 looks viable

More Problems
• Login interface
– CAEN GINA
• MacOS
– No CAPI
– Netscape is just confused
– MIT issuer works

What’s Next
• Document
• Roll out

So What?
• We still don’t know how to access control web space
• NT and Lotus/Domino use PK authentication to “log you in”
– Wrong answer
• Does anyone know how Apache does it?

Any questions?
http://www.citi.umich.edu/