>> The assumption here is that the CA operator (or its RAs) can be trusted to
>> issue a certificate bearing the peer's true identity more than the Trust
>> Router operator can be trusted not to modify the DH exchange.
> The problem is slightly more complex than that, but it depends on scale.
> Is there 1 trust router operator or is there a network of operators?
> If the trust router network is federating internationally, is there 100%
> trust in every trust router operator? How far does that trust go?
> Does that trust go as far as them knowing the identity and all SAML
> attributes of authentication sessions that are initially routed through
> that trust router?
SAML attributes do not cross the TR, they are exchange directly between
idP and RP.
The discussion about to use a federated PKI or not is not a new topic in
the list, you can see previous emails. The question is that in Moonshot,
one of the requirements (and probably the most important one) (please,
correct me if I'm wrong) is that a federated PKI is not desired.
Regards, Gabi.
>
> By separating identity trust from authorisation within the federation by
> simplifying the trust router network these questions boil down to: Can
> they be trusted to assert that these realms belong to this community?
> Which is precisely the role of the Trust Router Network.
>
>> If we were to simplify the role of the Trust Router along the lines that
>> you propose, it would be useful to know why you think this assumption is
>> true. Particularly given that well-known CAs are perfectly capable of
>> issuing certificates to unexpected peers, either intentionally or as a
>> result of a compromise, and that dubious CAs have been distributed using
>> channels that were assumed to be trustable.
> This is true, but even a compromised CA cannot perform a
> man-in-the-middle attack on the system without compromising either the
> routing or the trust router itself. False certificates can be issued by
> CAs, though this is definitely not common practise, nor is it a feasible
> angle of attack without compromising an entire CA. Large scale handing
> out of false certificates would mean the end of the CA (Look at what
> happened to DigiNotar). Do you trust the certificate your bank issues
> and is signed by a 3rd party? Why (not)?
>
>>
>> Of course a Trust Router, as an online system, could be compromised by a
>> malicious actor more easily than an offline CA. However it is worth noting
>> that Trust Routers only need to be visible to their immediate clients and
>> peers unlike, say, an OSCP responder that must be exposed to the Internet
>> at large. It makes no sense to trust an issuer to verify an identity more
>> than you trust the same issuer to retract that claim.
>>
>>
> Well, sure, but the main problem is that the Trust Router is both in
> charge of routing and identity verification. This is a single point of
> failure from a security standpoint and could compromise an entire
> federation. I do agree that OCSP is not a very good system for
> revocation, but that does not expose the private key of the signing CA
> to the internet.
>
>
> -- Wilco Baan Hofman
>
|