Slashdot Mirror
Ask Slashdot: Is there an Open PKI initiative?
Psarchasm
asks:
"Recently I've begun looking into PKIs
(Public Key Infrastructures). And with all
the pros I've found (desktop security, IPSec/VPN,
digital signatures, running our own
Certificate Authority - I seem to have run
into a rather unfortunate con. I
can't find an Open Source PKI initiative.
Is there any work being done on an Open
Source CA server? How about a PGP Key
Server? Would it be possible to
implement something semi-secure in
a closed environment with a combination of
PHP3/SQL/LDAP for a PGP Key Server?"
There was an article in the March Linux Journal on this very topic. Unfortunately there are no PKI resources listed for it.
Nope, there's very little in the way of open-source PK.
Afaik, the PGP keyserver is freeware, but not OSS.
The MUSCLE project http://www.linuxnet.com
is sort of this initiative. It is currently working on building an infrastructure for secure key storage using a smartcard ( PC/SC ) Future applications will support an LDAP initiative which will break grounds on an open PKI. Anyone interested, please join the mailing list.
I don't remember where I read t exactly, but you are right : The RSA patent should expire within a year or two. Still a long time for the Internet but not too bad when you consider that there hasn't been any serious development in RSA cryptoanalysis recently that would render the algorithm useless after the patent expiration (by opposition to DES which is now almost a joke).
Anybody know if there's a patent on El-Gamal and who owns it ?
There is a client certificate request page in SSLEAY 0.9x and with PHP3 supporting LDAP, an openPKI shouldn't be that hard to create....
Ronald van Kuijk
Perhaps it could be designed to be administration free and thus cost free in the first place. Some sort of distributed administration system might be in order here ?
The RSA patent will expire on 9/20/2000. This is a major concern. The other concern should be security. Who is going to pay for the overhead involved with being a Certificate Authority? CA's need to have especially tight security with the root certificate, otherwise all certificates can be forged under a given CA. This my little open sourcers, costs $$$. Now if a trusted agency would agree to pay the costs assocated with securing a CA, or their would be some kind of fee arrangement, similar to setting up a domain, then sufficient revenue could be generated to have a open CA.
It's available at http://www.gnupg.org
Current version is 0.9.3
but I'll have to ckeck when I get back to the office tomorrow. One was made available by IBM (but under what license, I don't know) and the other is from the National Institute of Standards and Technology (NIST, here in the US). The NIST details were in an e-mail that I got on Friday. I'll add another reply to this thread with the details tomorrow (1 March 1999).
By the way, I'm trying to form a Federal OSS affinity group of people working in the US government. This would be a charted group working under the auspices of the CIO Interoperability Committee. If interested, send me a note.
artch.griffin@gsa.gov
James A Griffin
OIT/OGP/GSA
The most interesting PKS is the one that can authenticate X.509 certificates, because this is what SSL (i.e. browsers) uses. When you create a certificate, you "sign" it saying that you believe they are who they say. The signature algorithm for X.509 has several options but the main one people are using is 1024 bit RSA. Problem is RSA is patented in the US (expires 2001).
I created a totally patent free cryptography library, which I will probably release as open source in a few months. I used Elliptical curve systems to do PK and key signs, as well as 128 bit CAST for symmetric encryption and SHA1 for message digest. I would like to see it become part of the IEEE spec for ECC and thus standardized enough to convince browser makers to implement. It would be very easy to make something like PGP with this library. PGP pisses me off because it's not free for commercial use.
Anyway, I currently use the code to create my own patent free SSL-like protocol.
The nice thing about ECC keys, besides being un-patented, is that they are much stronger than RSA, which means they can be much shorter bit lengths. Certicom recommends 160 bit keys (compared with 1024 bit RSA). I use 240 bit keys to be safe, printed base-32 they are quite short and can be appended to every email without looking as ugly as PGP keys.
ECCPK1.0
I don't know when I'll get around to finishing things up, but write me if you have a passing interest in this.
Jonathan Clark
jc@crack.com
One that I just saw today:
;-)
Open Secure Certificate ARchitecture -
http://www.dstc.qut.edu.au/MSU/projects/pki/
Then there's Openssl, if you dont mind doing a
lot of work
http://www.openssl.org/
But ot is true that there really is a need for
something like OpenCA, to combine other stuff
like OpenSSL, OpenLDAP and Apache/mod_ssl into a
full scale PKI solution with distribution of
public keys and SSL based ACL handling in
Apache.
Just my $.02
the Dane
---
QOTD:
Talent does what it can, genius what it must.
I do what I get paid to do.
The sample implementation is export controlled of course but there's source and no controls if you don't use the RSA sig stuff. There's S/MIME, PCMCIA interface, directory protocols etc all available.
Plus it's poetic justice. You can judge for yourself if this stuff meets the definiton of open source.
The Diffie-Hellman patent expired in April of 1997, actually, and it's the patent that basically covered nearly any kind of useful public key encryption. (At least, in Public Key Partners' opinion, and nobody ever called them on it successfully.)
The RSA patent, as several people have already mentioned, is still in force--however, El Gamal, a perfectly usable public key algorithm, is not patented, or at least it wasn't in 1996. It could very conceivably be used for some sort of open-source encryption initiative--and one without any of PKP's Draconian licensing restrictions....
Source is Bruce Schneier, Applied Cryptography, second edition. Hopefully the info's still good.
See project oscar at http://oscar.dstc.qut.edu.au/
- James
There is also this site at NIST but the work is
a little dated. Not sure if they are intending
to keep it up or not.
Most of the costs are associated with having some checks done to see if you are who you claim to be.
If everyone never lied about who they are, we wouldn't have this cost (nor would we need PKI).
They other cost components are to cover themselves in case someone slips through the check (minimal as they may be), marketing, and accrediting the CA service so that the certs can interoperate with others.
I don't see this happening for free.
The code itself may be free, and a closed user group is easy to set-up - the very limited interoperation that occurs means external costs are inherent if a wider usage circle is desired
Excuse me, but the oringial post says PKI helps with desktop security etc.
That statement is reasonably true only if the OS/desktop can reliably store and process the secret key reasonably security ie with low fear of compromise.
Otherwise, PKI certs are an answer waiting for a problem.
Everyone with Smartcards is a good start.
Lack of Smartcards is a bad start - would you rather trust a dig.sig from an environment where all were securely generated (for example, smartcard based), or an environment where some (or all) are generated on insecure company/home desktops.
Lyal
IBM's reference PKIX implementation1 098.html
l _cook.html
http://stage.www.ibm.com/security/html/pr_pkix9
Rolling your own CA:
http://www.ultranet.com/~fhirsch/Papers/cook/ss
Lots of crypto related infos:
http://www.uen.org/staff/hso/crypto.html
A CA is -not- a PKI, no matter what Verisign says!
The keys are easily generated and stored, encrypted, on the users machine. Then the keys are unlocked with the use of a password. This satisfies the two-items requirement for a secure system (you must provide the system with two of the following: something you have, something you know, something you are). You have the 'secure file' which contains the keys (something you have), and you have the password, which is something you know.
A smartcard simply replaces the secure file. You still need 'something you know' or 'something you are' to maintain security.
Biometrics can be used as well, which gives 'something you are'.
And two of the three things will give you sufficient security. Only having one of the three (ie only a smartcard) isn't secure at all.
I don't know of any Open Source initiatives around this, but the standard you want to be looking at is PKIX-CMP. Check out the IETF draft.
There are also a lot of links to good white papers and other references at the Entrust Technologies resources page.
I'd have to say that the number of file stealing/copying attacks that exist (especially in all flavours of Windows) means the "securely encrypted" files are not immune to being copied by any web site, or macro/batch file.
Password cracking is an old sport of many, as are dictionary attacks.
Impersonation by (mis)using someone elses certificate is real, and here today.
Lyal
Hack something on top of JNDI ?
There's also Globus but they don't provide copyright info.
Also a no-export thang at MIT .
To act as a CA, all you need is OpenSSL (or its progenitor SSLeay). Both include scripts which, after a little tweaking, will allow you to sign certificate requests.
The difficulty in being a CA is not the software, but rather the business systems that must be developed and adhered to in order to insure correct authentication, legal accountability and strong security.
I suspect that a company looking to set up a CA would spend orders of magnitude more on Lawyers than on software.
Posted by Mr. Assembly:
I have looked for a service to issue me a key, and typical costs are $10 to $30 for a year. Any open source initiative would require a constant administration which would cost something, as they're very few volunteers who can spend 100 percent time that an effort like this would require.
Posted by Mr. Assembly:
No, cost is not the problem perse. What bothers me is having to pay to sign and say "its me". I am not versed enough to say how easy it is to generate a digital key/signature -
I could be overly sensitive though - how much do notary publics charge?
I wrote an article for the May issue of WebTechniques on PHP + LDAP. It walks you through how to build a web interface for an LDAP directory. Look for it.
-Rasmus
Be sure to check out this draft IETF standard, the Simple Public Key Infrastructure:
h tml
http://www.ietf.org/html.charters/spki-charter.
--
Xenu loves you!
The German c't magazine runs it's crypto campaign for over a year now and regularily offers key signing services (with personal ID checks) at expos and other public events.
btw. what exactly do you mean by "Open Source" in this context?
Will a PGP keyserver also serve keys for GPG? Or is that a stupid question? I don't know enough about PKCS to discern.
If tits were wings it'd be flying around.
I'm a lowly law student with a bit of a commercial aspiration. It concerns a networking service aimed at businesses with a special need for confidential communications. I'm going to roll a custom distro based on debian that can be installed on pc/servers to make a cheap but secure server/network. By Dec 1999, I hope to be ready to offer these services. Then, I would begin implementation mid-2000. I think this idea has huge ramifications and can translate into other business opportunities later. I'm a student, so I plan on starting from a shoe-string. Since this is a service, it will not need too much start-up capital. I hate to seek commercial promotion here, but my isolation dictates communication where I can. Email me.
Unfortunately, the difficulty in public key technology isn't obtaining the algorithms or reasonable source code for it. RSA and Diffie-Hellman software patents cover a pretty wide range of possible approaches to public key encryption, so any open source project would run the risk of infringement. (The reason PGP is still in existence in the U.S. is that RSA granted them license to use the RSA algorithm for noncommercial PGP use. So PGP isn't a suitable candidate for open source either.)
However, I believe RSA's patent(s) was (were) issued in 1983. Thus, it may be that the 17-year lifetime of that grant will expire very soon! Does anyone know whether that's true?
I'm a Notary Public, and as far as I know this isn't a typical service that notaries offer. The legal infrastructure just isn't there in most states. I guess I could notorize a document containing your public key and signature, but its legal validity is questionable.
However, if you need me to marry you to someone, give me a call!
I believe that IBM has released an opensource x.509v3 toolkit
(libraries and tools + some oscp stuff if I remember right) for unconditional use.
There was the usual export crapola so I have not been able to look at it myself.
I agree that this needs to be done!
It might be a good idea to do it in close cooperation (if not within) the
openssl project who have to deal with certificates anyway
and probably already have much of the code needed. Perhaps someone
from openssl reads slashdot and can say something about their
plans in the pki area.