On Mon, 29 Jul 2002, Benjamin wrote:
> On Monday, July 29, 2002, at 11:07 , Curt Sampson wrote:
>
> > So what you're saying is that you've just put a lot of effort into
> > creating a device that does authentication and authorization via a
> > public-key crypto system, and now you're going to protect that with a
> > PIN number? What did you put in the crypto for in the first place, then?
>
> With PGP, you protect your private key with a passphrase.
Right.
> Likewise on a mobile, you would protect your private key with a PIN2....
But your private key is on a completely different system! Presumably
your laptop, where's it's protected with a passphrase. And if you
can unlock your private key, you could then use that to authenticate
yourself to the mobile device, and the PIN2 is an unnecessary alternate
access method.
> However, you do know that exhaustive search on a PIN will render the
> phone unusable and you will need a PUK to unlock it (likewise PUK2 for
> PIN2), don't you ?
Of course. Now try to explain that to the consumer. ("I'm sorry--you
can't use your video camera until you take it to an authorized service
center. And that's not Bic Camera, because we sure as heck can't trust
them with keys to unlock every device we've manufactured.")
> I am not so sure I understand your scenario. First, I would not expect a
> camera to have any keys that grant administrative access to another
> device.
It's going to have to have *some* way of authorizing access that lets you
change the keys that can, say, clear the memory of all pictures. Or just
look at what's coming in through the lens right now, and take snapshots.
> So if you loose the camera then you run the risk that the finder/thief
> will be able to upload photos into your computer without asking your
> permission, unless you remove the authorisation for the camera (based on
> the camera's keys) from your computer. That would seem reasonable to me.
Oh, you're putting a key in the camera that gives it access to your laptop?
And you're going to type a passphrase into the camera every time you want
to upload photos? Well, let me tell you, most people won't go for that.
> If you loose your camera and remove the authorisation for it from your
> computer, then find the camera, you may simply start over and exchange
> keys between camera and computer again,
Please explain to me in detail how you exchage keys between the computer
and the camera. Because this is the biggest point I have a problem with.
> >> Likewise, you could have a dialog on your camera "Device 'xyzxyzxyzxyz'
> >> is trying to connect wirelessly. Allow ?"
> >
> > And how do you know what that device is? Remember, there's no physical
> > connection here to verify.
>
> Same situation as with beaming contacts from one Nokia to another via IR.
Yeah, except with IR you can't easily have another hidden device that's
really doing the beaming.
Keep in mind that, with radio, devices you *cannot see*, rather than the
ones you do see, might be the ones you're really communicating with.
> You initiate the connection from device A and at that moment device B
> pops up a dialog telling you about the request and ask your explicit
> permission. It is pretty obvious at that point which device it is that's
> making the request.
No, it's not obvious. See above. The worst thing is that people
might think it's obvious.
> Of course, somebody could observe you when you are
> about to press the button on device A to initiate the request and in
> that very moment initiate a request from their own device C in the hope
> that they'll get lucky and you authorise the request of device C in the
> belief that it is device A that you give your OK to.
Or they could just construct a device that can listen to what's going
on around it and do this automatically. By current technical standards,
this is dead easy. People crack stuff harder than this all the time.
> And I am not going to describe any detailed scheme in public. IPR, prior
> art and all the rest of it.
Oh, do they? References, please.
> So you have to take my word for it: It's no rocket science.
Ben, I'm suspecting at this point I know a heck of a lot more about
crypto than you do (though I am far from an expert), so why don't you
take my word for it instead?
> What I can tell you is that your phone service provider plays a role in
> the key management and the trust model need not be as complex as that of
> PGP because of it. Enough said.
Ha ha! I have only one word (or rather, acronym) for this: PKI. Also
known as "The Holy Grail" in the real world.... (Or do you know of
some PKI infrastructure that's actually widely deployed and working well
tha the rest of us don't know about?)
cjs
--
Curt Sampson <cjs_at_cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
Received on Mon Jul 29 19:37:39 2002