SIDEBAR
»
S
I
D
E
B
A
R
«
“Crashing is an appropriate response”
January 7th, 2008 by jens

A bit of cryptography humor, from Peter Gutmann’s slideshow Everything you Never Wanted to Know about PKI but were Forced to Find Out

(Warning: This won’t make any sense unless you know what things like “PKI”, “self-signed certificates” and “revocation” are)

CRL Problems (ctd)
Revoking self-signed certificates is hairy

  • Cert revokes itself
  • Applications may:
    – Accept the CRL as valid and revoke the certificate
    – Reject the CRL as invalid since it was signed with a revoked certificate
    – Crash
  • Computer version of Epimenides paradox “All Cretans are liars”
    – Crashing is an appropriate response

5 Responses  
  • fluffy writes:
    January 7th, 200810:36 PMat

    Ostensibly, any app which accepts a self-revocation from the self-signed cert would authorize the cert, then perform the action which is signed with said cert. Ideally such an app would be designed with ACID criteria in mind. So, hopefully, self-signed self-revocation would behave as one would intuitively expect (i.e. a suicide note).

           
  • Jens Alfke writes:
    January 7th, 200810:55 PMat

    But revocations are timestamped, so the cert is already invalid at the time the app is parsing the revocation. It’s exactly like the Liar Paradox.

    There’s a later point in the same slideshow where he describes how revocation means certs can’t obey ACID properties. The whole thing is a great exercise in sustained sarcasm; by the end, X.509 is reduced to a smoking hole in the ground that he’s pouring salt into.

           
  • fluffy writes:
    January 8th, 20087:22 AMat

    I guess that depends on how much you’re supposed to trust the timestamp, then, considering that even in a world of NTP time is still fairly relative (and lunchtime doubly-so).

           
  • Shamino writes:
    January 10th, 20083:27 PMat

    It would seem to me that, due to the impossibility of completely synchronizing clocks over the internet, that event-timestamps should only be trusted for the purpose of putting events from a single source in sequence. Comparing them against timestamps from other sources (including your own internal clock) is going to sometimes result in unexpected behavior.

    And, IMO, predictable behavior is better than technical correctness.

           
  • Jens Alfke writes:
    January 10th, 20084:30 PMat

    Yes, clock synchronization is another known issue with certificate revocation. Fortunately the granularity needed is usually pretty low, like hours or days.

    You guys are taking this more seriously than I meant! I was mostly just amused at coming across a real-world example of the “all Cretans are liars” paradox.

           


»  Substance:WordPress   »  Style:Ahren Ahimsa