18.6 WHO CAN YOU TRUST?: KOHNFELDER'S CERTIFICATES

Kohnfelder writes in Part I, Section D, "Weaknesses in Public-Key Cryptosystems," of his thesis:

Although the enemy may eavesdrop on the key transmission system, the key must be sent via a channel in such a way that the originator of the transmission is reliably known.

Kohnfelder observed that all public-key cryptosystems are vulnerable to a spoofing attack if the public keys are not certified: User_ID[C] can pretend to be User_ID[A] to User_ID[B] by providing User_ID[C]'s public key (in place of User_ID[A]'s public key) to User_ID[B]. Unless User_ID[B] has some way of checking the correspondence between ID[A] and PuK(ID[A]), this type of spoofing attack is possible.
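
The check User_ID[B] needs, sketched as an added example (not code from the book): an authority signs each (ID, PuK) pair, and B verifies that signature before using a key. The toy RSA parameters, the function names and the key byte strings are constructed for illustration, and B is assumed to already hold the authority's public key reliably.

```python
import hashlib

# Toy RSA key of the certifying authority (constructed; two Mersenne primes,
# far too small for real use). B is assumed to hold (CA_N, CA_E) reliably.
_P, _Q = 2**61 - 1, 2**89 - 1
CA_N, CA_E = _P * _Q, 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))  # authority's private exponent

def _digest(user_id: str, puk: bytes) -> int:
    """Hash the (ID, PuK) pair; the length prefix keeps the encoding unambiguous."""
    uid = user_id.encode()
    data = len(uid).to_bytes(2, "big") + uid + puk
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def certify(user_id: str, puk: bytes) -> int:
    """Authority side: sign the binding between an ID and a public key."""
    return pow(_digest(user_id, puk), _CA_D, CA_N)

def accept_key(claimed_id: str, puk: bytes, cert: int) -> bool:
    """User_ID[B] side: accept puk for claimed_id only if the authority signed that pair."""
    return pow(cert, CA_E, CA_N) == _digest(claimed_id, puk)

def demo() -> dict:
    # Constructed stand-ins for the users' public keys (opaque bytes here).
    puk_a, puk_c = b"constructed-PuK-of-A", b"constructed-PuK-of-C"
    cert_a, cert_c = certify("ID[A]", puk_a), certify("ID[C]", puk_c)
    return {
        "genuine A": accept_key("ID[A]", puk_a, cert_a),
        "C's key under A's certificate": accept_key("ID[A]", puk_c, cert_a),
        "C's key and certificate, claiming to be A": accept_key("ID[A]", puk_c, cert_c),
        "C as itself": accept_key("ID[C]", puk_c, cert_c),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Without the `accept_key` check, B would use whatever key arrives labelled ID[A]; with it, both substitution attempts are rejected because no signature exists over the pair (ID[A], PuK(ID[C])).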

Kohnfelder proposed a method to make spoofing more difficult in Part III of his thesis. He postulates the existence of a public file that contains (in my notation) pairs (ID[A], PuK(ID[A])) for each user in the system. Although it might be possible for User_ID[C] to contact the public file to ask for a copy of User_ID[A]'s public key, the public file solution suffers from the same operational defects as a network-wide key server:

  • What entity will maintain and certify a large database that is continually changing?
  • The public file will need to be replicated to prevent severe access ...
