Public Key, No Infrastructure

pk no i
peter honeyman
citi, university of michigan
ann arbor

problem statement
• access control web space
  – face it: requires pk
• leverage umich infrastructure
  – kerberos, uniqname
  – directory and authorization

mit kerberized x.509 factory
• bootstrap from kerberos
• send pass phrase over ssl (ick)
• server authenticates
• entreat browser to create key pair
  – welcome to click hell
• server signs pubkey, hands back to browser

short lifetimes
• avoid crl at all costs
• even at the cost of long-term signatures and encryption
• authentication only
• mit allows up to a year
• over 50,000 served! (in the first year alone)

problems
• privkey storage
  – treat as disposable ticket
• reliance on murky browser technology
• horrible ui
• trains user to engage in bad practice
• lifetime is still too long
  – compare to tgt

citi wrinkles on mit sol’n
• one-day lifetime
• junk keys
• kerberized application does all the work
  – part of login
  – pam, authman, kerb95

privkey storage
• where does this go?
  – ie: capi
  – netscape: pkcs#11

How not to access control web space
• nt and lotus/domino use pk authentication to “log you in”
• wrong answer

any questions?
http://www.citi.umich.edu/