Jan 7, 2008
“Crashing is an appropriate response”
A bit of cryptography humor, from Peter Gutmann’s slideshow Everything you Never Wanted to Know about PKI but were Forced to Find Out …
(Warning: This won’t make any sense unless you know what things like “PKI”, “self-signed certificates” and “revocation” are)
CRL Problems (ctd)
Revoking self-signed certificates is hairy
- Cert revokes itself
- Applications may:
– Accept the CRL as valid and revoke the certificate
– Reject the CRL as invalid since it was signed with a revoked certificate
– Crash - Computer version of Epimenides paradox “All Cretans are liars”
– Crashing is an appropriate response
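To make the three outcomes on the slide concrete, here is a small model of the validator's decision, added as an example for this post (it is not from Gutmann's slides). It is deliberately not X.509: a "key" is an HMAC secret, certificates and CRLs are plain dataclasses, and the names (`Certificate`, `CRL`, `revocation_status`, the policy constants) are all constructed for the illustration. The interesting branch is the one where the CRL's signer appears on the list it signed.

```python
"""Toy model of the slide's scenario: a self-signed certificate signs a CRL
that lists its own serial number.

Constructed example, not X.509: a "key" is an HMAC secret, certificates and
CRLs are plain dataclasses, and there is no ASN.1. Only the validator's
decision logic is modelled.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Certificate:
    subject: str
    issuer: str             # equal to subject for a self-signed certificate
    serial: int
    signature: bytes = b""  # HMAC by the issuer's key over tbs()

    def tbs(self) -> bytes:
        """The to-be-signed portion, i.e. everything except the signature."""
        return f"{self.subject}|{self.issuer}|{self.serial}".encode()


@dataclass
class CRL:
    issuer: str
    revoked: frozenset      # serial numbers the issuer declares revoked
    signature: bytes = b""

    def tbs(self) -> bytes:
        return f"{self.issuer}|{','.join(map(str, sorted(self.revoked)))}".encode()


def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)


def issue_self_signed(subject: str, serial: int, key: bytes) -> Certificate:
    cert = Certificate(subject, subject, serial)
    cert.signature = sign(key, cert.tbs())
    return cert


def issue_crl(issuer: Certificate, key: bytes, revoked) -> CRL:
    crl = CRL(issuer.subject, frozenset(revoked))
    crl.signature = sign(key, crl.tbs())
    return crl


# The three behaviours the slide lists for an application that meets a CRL
# signed by a certificate the same CRL revokes.
ACCEPT_CRL = "accept-crl"   # accept the CRL as valid and revoke the certificate
REJECT_CRL = "reject-crl"   # reject the CRL, since a revoked certificate signed it
CRASH = "crash"             # treat the contradiction as fatal


class ContradictoryCRL(Exception):
    """Raised under the CRASH policy: the CRL revokes its own signer."""


def revocation_status(target: Certificate, crl: CRL, signer: Certificate,
                      signer_key: bytes, policy: str) -> str:
    """Status of `target` according to `crl`: 'good', 'revoked' or 'crl-rejected'."""
    if crl.issuer != signer.subject or not verify(signer_key, crl.tbs(), crl.signature):
        return "crl-rejected"           # wrong issuer or bad signature: unusable CRL
    if signer.serial in crl.revoked:
        # Epimenides: the list is vouched for by a certificate the list says is void.
        if policy == REJECT_CRL:
            return "crl-rejected"       # CRL discarded; target keeps its previous status
        if policy == CRASH:
            raise ContradictoryCRL(f"CRL from {crl.issuer} revokes its own signer")
        # ACCEPT_CRL: honour the list, self-entry included
    return "revoked" if target.serial in crl.revoked else "good"


def self_revocation_outcome(policy: str) -> str:
    """Build the slide's scenario and return the root's status under `policy`."""
    root_key = b"constructed-root-key"              # constructed, not a real key
    root = issue_self_signed("CN=Toy Root", 1, root_key)
    suicide_note = issue_crl(root, root_key, {1})   # the root revokes itself
    return revocation_status(root, suicide_note, root, root_key, policy)


if __name__ == "__main__":
    for policy in (ACCEPT_CRL, REJECT_CRL, CRASH):
        try:
            print(policy, "->", self_revocation_outcome(policy))
        except ContradictoryCRL as exc:
            print(policy, "->", "crash:", exc)
```

Running it prints `revoked`, `crl-rejected` and the crash in turn. The security point hiding in the joke is the second line: an application that rejects the CRL because a revoked certificate signed it leaves the self-signed root trusted, which is the one outcome you do not want if the root key has been compromised. That is why a trust anchor's own revocation is not something its CRL can convey and has to be handled out of band, by removing the root from the trust store.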
January 7th, 2008 at 10:36 PM
Ostensibly, any app which accepts a self-revocation from the self-signed cert would authorize the cert, then perform the action which is signed with said cert. Ideally such an app would be designed with ACID criteria in mind. So, hopefully, self-signed self-revocation would behave as one would intuitively expect (i.e. a suicide note).
January 7th, 2008 at 10:55 PM
But revocations are timestamped, so the cert is already invalid at the time the app is parsing the revocation. It’s exactly like the Liar Paradox.
There’s a later point in the same slideshow where he describes how revocation means certs can’t obey ACID properties. The whole thing is a great exercise in sustained sarcasm; by the end, X.509 is reduced to a smoking hole in the ground that he’s pouring salt into.
January 8th, 2008 at 7:22 AM
I guess that depends on how much you’re supposed to trust the timestamp, then, considering that even in a world of NTP time is still fairly relative (and lunchtime doubly-so).
January 10th, 2008 at 3:27 PM
It would seem to me that, due to the impossibility of completely synchronizing clocks over the internet, event-timestamps should only be trusted for the purpose of putting events from a single source in sequence. Comparing them against timestamps from other sources (including your own internal clock) is going to sometimes result in unexpected behavior.
And, IMO, predictable behavior is better than technical correctness.
January 10th, 2008 at 4:30 PM
Yes, clock synchronization is another known issue with certificate revocation. Fortunately the granularity needed is usually pretty low, like hours or days.
You guys are taking this more seriously than I meant! I was mostly just amused at coming across a real-world example of the “all Cretans are liars” paradox.