Cryptography Reference
In-Depth Information
tributed and stored using insecure channels and systems, as any attempt
at subverting them will be detected through verification of the public file
authority's signature. That is, individuals can exchange their certificates
through email and store them on their computers, confident in the fact
that their authenticity can be verified at any time; furthermore, users need
not interact with the public file for every signature verification, but need
only obtain its public key once.
However, as Kohnfelder noted, distribution of public keys through cer-
tificates introduced new risks and security/efficiency trade-offs. The power
of public-key cryptography rests equally on ease of access to public keys
and on users' control of their private key. If the spread of public key cer-
tificates over the network reduces the need to interact with a central reposi-
tory, it becomes more difficult to recover from the compromise of user's
private key. Indeed, if, through loss or theft, users have lost control over
their private key, the corresponding public key should no longer be used,
either to verify signatures or encrypt messages. Such
key revocation
is dif-
ficult in Kohnfelder's system, given that the certificates containing the key
are now disseminated over the entire network. He suggested three different
solutions, each with different risk and efficiency trade-offs:
1. Require each user to periodically download a list of revoked certificates.
Because it would always be partially out of date, the list would allow some
revoked certificates to slip through.
2. Assign expiration dates to certificates. This limits the damage a compro-
mised key might cause but requires periodic renewal of public-key pairs
for all users, a complex logistical process.
3. At the time of signature verification, contact the public file for an up-
to-date report on the status of the public key. This step provides for
maximum security at the cost of increased resources for the operation of
the public file.31
31
With only minor variations, the essential elements of Kohnfelder's sys-
tem—public-key certificates, a centralized public file authority, and revoca-
tion mechanisms—would remain as the basis for the infrastructure
necessary to society-wide deployment of digital signatures. Throughout the
1990s, the business opportunities entailed by such a deployment would be
repeatedly predicted explosive growth, in spite of lethargic market uptake.
In 1999, business analysis firm Datamonitor commented, “Public key infra-
