PGP and PKI (Public Key Infrastructure)
Disclaimer: “classic” PGP vs. Network Associates version
Many companies are using PGP to exchange confidential data with other companies because
PGP is easy to obtain
PGP is cheap
PGP is easy to use
PGP uses standard, tested algorithms (RSA, IDEA), not suspect proprietary ones
PGP is being used by many/most of the other companies that they want to exchange data with
However, PGP has the same basic problem that afflicts all public key systems: authentication of public keys
How do I make sure that this public key really belongs to X, and not to some bad guy?
How do I make sure that this public key is X’s current public key and not X’s old, no longer valid public key?
“This whole business of protecting public keys from tampering is the most difficult problem in practical public key applications.” p. 27, The Official PGP User’s Guide
Most public key systems nowadays, including PGP, use digital certificates as the basis for dealing with this problem.
issuer
subject
expiration date
plaintext and signed digest
(How would you handle the problem without using digital certificates?)
PGP’s solution: the “web of trust” model
self-signed certificates
trust levels and “trusted introducers”
multiple signatures allowed
public key ring
think “peer-to-peer”, not centralized/hierarchical
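To make the web-of-trust bullets above concrete, here is an added illustration (not from these notes and not PGP's own code) of how one user's key ring decides whether a public key is "valid", i.e. really belongs to its claimed owner. Signatures are modelled as already-verified signer ids on each key, and the ring owner assigns the trust levels; the thresholds (one fully trusted introducer, or two marginally trusted ones) follow the classic PGP rule of thumb. All key ids and signatures are constructed for the example.

```python
from dataclasses import dataclass, field

# Owner-assigned trust levels: how much I trust a key's owner as an introducer.
FULL = "full"
MARGINAL = "marginal"
NONE = "none"


@dataclass
class Key:
    key_id: str
    # Ids of keys whose signatures on this key have already been cryptographically
    # verified. A PGP key also carries a self-signature; it is ignored for validity.
    signed_by: set = field(default_factory=set)


class KeyRing:
    """A public key ring as seen by one user (the ring owner)."""

    def __init__(self, owner_key_id, full_needed=1, marginal_needed=2):
        self.owner_key_id = owner_key_id
        self.full_needed = full_needed          # classic default: 1 fully trusted signer ...
        self.marginal_needed = marginal_needed  # ... or 2 marginally trusted signers
        self.keys = {}
        self.trust = {owner_key_id: FULL}       # the owner implicitly trusts herself

    def add_key(self, key_id, signed_by=()):
        self.keys[key_id] = Key(key_id, set(signed_by))

    def set_trust(self, key_id, level):
        self.trust[key_id] = level

    def is_valid(self, key_id, _seen=None):
        """Do we believe key_id really belongs to its claimed owner?"""
        if key_id == self.owner_key_id:
            return True                      # my own key: validity is axiomatic
        if key_id not in self.keys:
            return False                     # never seen this key at all
        seen = set(_seen or ()) | {key_id}   # guard against cycles (A signs B, B signs A)
        full = marginal = 0
        for signer in self.keys[key_id].signed_by:
            if signer == key_id or signer in seen:
                continue                     # self-signatures and cycles count for nothing
            if not self.is_valid(signer, seen):
                continue                     # an introducer's signature only counts if
            level = self.trust.get(signer, NONE)  # the introducer's key is itself valid
            if level == FULL:
                full += 1
            elif level == MARGINAL:
                marginal += 1
        return full >= self.full_needed or marginal >= self.marginal_needed

    def validity_report(self):
        return {k: self.is_valid(k) for k in self.keys}


def build_sample_ring():
    """Constructed sample ring belonging to 'alice'; every id and signature is made up."""
    ring = KeyRing("alice")
    ring.add_key("alice")
    ring.add_key("bob", signed_by={"alice"})
    ring.add_key("carol", signed_by={"bob"})
    ring.add_key("erin", signed_by={"bob"})
    ring.add_key("dave", signed_by={"carol", "erin"})
    ring.add_key("frank", signed_by={"carol"})
    ring.add_key("mallory", signed_by={"mallory", "zed"})  # "zed" is unknown to alice
    ring.set_trust("bob", FULL)
    ring.set_trust("carol", MARGINAL)
    ring.set_trust("erin", MARGINAL)
    return ring


if __name__ == "__main__":
    for key_id, ok in build_sample_ring().validity_report().items():
        print(f"{key_id:8s} {'valid' if ok else 'NOT valid'}")
```

Running it shows the model's character: dave's key is valid only because two marginally trusted people (carol and erin) both signed it, frank's is not because carol alone is not enough, and mallory's self-signature plus a signature from a stranger count for nothing. It also shows the "lots of user control" point from both the good and bad lists: if alice simply raises carol to full trust, frank's key becomes valid with no further checking by anyone.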
Some good things about PGP’s model:
Flexible
Cheap and easy
Gives users lots of control (“trusts” users to know and do what’s best)
Some bad things about PGP’s model:
Gives users lots of control (“trusts” users to know and do what’s best)
Not very scalable
Plenty of room for hanky panky (eBay seller reviews analogy)
PGP’s model wasn’t really designed for use by large companies; it was designed for use by individuals
PGP was designed ‘For more decentralized grassroots “guerilla style” environments…’ p. 26, The Official PGP User’s Guide
A general definition of PKI: an infrastructure consisting of “…the components needed to securely distribute public keys.”
The “components” could include standards, protocols, software, organizations, etc.
Under this definition PGP could be construed as a PKI, perhaps
What people usually mean by PKI is:
X.509-like digital certificates
Certificate (or Certification) Authorities (CAs)
May also include “subCAs”, Registration Authorities (RAs), and/or Validation Authorities (VAs)
Certificate Revocation Lists (CRLs)
X.509-like digital certificates
no user-assigned “levels of trust” (but may have “high, low, and medium assurance” certificate types)
one signature on each certificate
no self-signed certificates (issuer ≠ subject), with one exception
Certificate Authorities (e.g., Verisign) at the very least:
Issue digital certificates
Maintain databases of valid and invalid (expired or revoked) certificates
Provide some way for interested 3rd parties to get certificate database info (push or pull models)
CAs and I.E./Netscape:
How do CAs become CAs? How did the CAs included with your copy of I.E./Netscape come to get there?
Do we need more than one CA?
What happens when a CA receives a request for one of their digital certificates? (What does the CA actually do?)
Registration Authorities:
Offload some of the checking work from the CA
Can be located closer to the entity requesting a certificate
“SubCAs” or delegated CAs
Help to avoid bottlenecks (CA doesn’t have to do it all)
Security: if subCA’s private key is compromised, damage is limited to certificates issued by that subCA
Validation Authorities:
Validate individual transactions involving certificates
Check that certificate hasn’t expired or been revoked
Check that certificate was issued to appropriate entity
Check other permissions/limits that might be associated with the certificate (e.g., only transactions less than $100 allowed)
Certificate Revocation Lists:
List of revoked certificates that have not expired yet
Can get quite large for a single CA: how do we distribute the info (push or pull modes? delta lists?)
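The following is an added example (not from these notes and not any real CA or PKI library's code) that ties together the certificate fields listed earlier (issuer, subject, expiration date, plaintext and signed digest), the hierarchical CA / subCA structure, the single permitted self-signed root certificate, and the checks a Validation Authority performs against a CRL. The RSA used is a textbook toy with no padding, constructed only so the signed digest can be verified offline; the certificate format, the day-number time scale, the names "Root CA", "Sub CA" and "acme.example", and the CRL represented as a set of (issuer, serial) pairs are all assumptions of the example.

```python
import hashlib
import random
from dataclasses import dataclass, replace


# ---- toy textbook RSA (constructed for this example; no padding, not for real use) ----
def _is_probable_prime(n, rounds=16):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def make_keypair(bits=384, seed=None):
    """Returns ((e, n), (d, n)); n > 2**256 so a SHA-256 digest fits under it."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


# ---- certificates: issuer, subject, expiry, public key, and a signed digest ----
@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    issuer: str
    public_key: tuple      # subject's (e, n)
    not_after: int         # expiry as a day number (constructed time scale)
    signature: int = 0     # issuer's RSA signature over the digest of the fields above

    def tbs_digest(self):
        """Digest of the to-be-signed plaintext fields."""
        tbs = f"{self.serial}|{self.subject}|{self.issuer}|{self.public_key}|{self.not_after}"
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big")


def issue(issuer_name, issuer_priv, serial, subject, subject_pub, not_after):
    """What a CA (or subCA) does once a request has passed its checks: sign the fields."""
    unsigned = Certificate(serial, subject, issuer_name, subject_pub, not_after)
    d, n = issuer_priv
    return replace(unsigned, signature=pow(unsigned.tbs_digest(), d, n))


def signature_ok(cert, issuer_pub):
    e, n = issuer_pub
    return pow(cert.signature, e, n) == cert.tbs_digest()


def validate_chain(chain, trust_anchors, crl, today, expected_subject):
    """Validation Authority logic. chain = [end-entity, subCA ..., root];
    trust_anchors = {name: public_key} (the CAs shipped with your browser);
    crl = {(issuer, serial)} revoked-but-unexpired certs. Returns (ok, reason)."""
    if chain[0].subject != expected_subject:
        return False, "certificate was issued to a different entity"
    for i, cert in enumerate(chain):
        if today > cert.not_after:
            return False, f"{cert.subject}: expired"
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked"
        if i + 1 < len(chain):
            if chain[i + 1].subject != cert.issuer:
                return False, f"{cert.subject}: chain broken at issuer"
            issuer_pub = chain[i + 1].public_key
        else:  # the root: the one self-signed certificate, and it must be a trust anchor
            if cert.issuer != cert.subject or trust_anchors.get(cert.subject) != cert.public_key:
                return False, f"{cert.subject}: not a trusted root"
            issuer_pub = cert.public_key
        if not signature_ok(cert, issuer_pub):
            return False, f"{cert.subject}: bad signature"
    return True, "valid"


def build_sample_pki(seed=7):
    """Constructed Root CA -> Sub CA -> end-entity hierarchy; all names are made up."""
    root_pub, root_priv = make_keypair(seed=seed)
    sub_pub, sub_priv = make_keypair(seed=seed + 1)
    acme_pub, _ = make_keypair(seed=seed + 2)
    root = issue("Root CA", root_priv, 1, "Root CA", root_pub, not_after=3650)
    sub = issue("Root CA", root_priv, 2, "Sub CA", sub_pub, not_after=1825)
    acme = issue("Sub CA", sub_priv, 3, "acme.example", acme_pub, not_after=365)
    return {"root": root, "sub": sub, "acme": acme}


if __name__ == "__main__":
    pki = build_sample_pki()
    chain = [pki["acme"], pki["sub"], pki["root"]]
    anchors = {"Root CA": pki["root"].public_key}
    print(validate_chain(chain, anchors, set(), 100, "acme.example"))
    print(validate_chain(chain, anchors, {("Root CA", 2)}, 100, "acme.example"))
```

Two of the cases are worth running: putting the subCA's serial on the root's CRL (as a CA would after that subCA's private key was compromised) invalidates every certificate below it and nothing else, which is the damage-limiting property claimed for subCAs; and editing any plaintext field of a certificate, say its subject, leaves the signed digest unchanged and so fails signature verification, which is what the digest is for. Removing "Root CA" from the trust anchors rejects the whole chain, which is exactly the question of how a CA came to be in your copy of I.E./Netscape.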
How does PGP handle certificate revocation?
DIY: try to contact everyone who might have one of your certificates on their key ring (good luck!)
Exchanging public keys with someone you want to communicate with
They need a digital certificate for you and you need a digital certificate for them (for 2-way communication)
How do you get hold of someone else’s certificate?
PGP & PKI: Someone can send it to you in an email
PKI: there may be centralized, searchable stores of certificates
How do you know whether to trust another party’s certificate or not?