Burke, S (Stephen) wrote on 25 May 2006 15:51:
>
>> Jensen, J (Jens) said:
>> You probably know this but Dave Kant implemented encryption stuff
>> for APEL. It takes the DN, adds random stuff which includes
>> timestamp IIRC, and encrypts it with an RSA public key and sends
>> it off to the central db where it's decrypted. The random
>> stuff prevents the same user from being sent as the same
>> encrypted message every time...
>
> Is it that hard to crack though? You have a fairly small pool of
> possible DNs, and most of the timestamp is predictable.

It's got a lot of random stuff. Here's how it goes:

/C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=dave kant

after having random stuff added to it, becomes (say)

***0.6638886151137005***/C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=dave kant***0.4248717387418809

which is then encrypted. You can estimate the bits.

The FIPS classification that Jeremy mentioned is IMHO a bit of a red
herring - you will want to know how many bits are random, and that
randomness is reasonably good - i.e. how much entropy is added. There
are many reasonable PRNGs around that will do fine. And no true RNG
has been FIPS approved - despite that a true RNG will be perfect for
this task - FIPS is just a sort of good-enough-for-our-purpose
statement.
>
>> Maybe it's ok to say that so-and-so is running a job without
>> saying what the job is? The only personal information in the
>> DN is the CN, and that's just the name (the OU and L are
>> specifically *not* saying anything about affiliation).
>
> For the UK, as far as I remember the data protection act covers anything
> which is identifiable as relating to a particular person. Among other
> things, for a two-pound fee anyone who stores data about me has to give
> me a copy of everything - I wonder how many sites could comply?

Personal data is anything that _can help_ identify a person.
The CA (which complies with the DPA, see Appendix B of the policy)
states that the DN is public information[*] - so a site that publishes
your DN can argue that it is publishing information which is already
public. Of course it is publishing more as well, such as the fact you
have run a job (by publishing the DN) - which is outside the scope of
the CA.

[*] In fact, certificates are public. I digress, but I want to make
certificates non-public so we can start sticking email addresses in
them. DNs will still be public and will contain no email address.
Certificates probably become semi-public - you can read your own from
a "secret" HTTP URL, and everybody else's once you have a certificate.
Something like that. I am updating the policies and am writing an
announcement about what's new.
Cheers,
--jens
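
The "estimate the bits" step from the message above, worked through as an added example (not part of the original e-mail and not APEL's code). It bounds the entropy of the ***r1***DN***r2 wrapper and shows why a repeated DN needs it. Assumptions: unpadded RSA with a constructed toy key stands in for the real encryption, whose padding mode the message does not state, and `prng_state_bits` is a hypothetical parameter for the generator's state size.

```python
import math
import re
import secrets

# Layout shown in the message: ***<r1>***<DN>***<r2>, each r a "0.<digits>" decimal.
SALTED = re.compile(r"^\*\*\*0\.(\d+)\*\*\*(/.+)\*\*\*0\.(\d+)$")
DN = "/C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=dave kant"
SAMPLE = "***0.6638886151137005***" + DN + "***0.4248717387418809"

# Toy public key, constructed for this example: the product of two Mersenne
# primes. It factors trivially and only serves to show unpadded RSA behaviour.
N = (2**521 - 1) * (2**607 - 1)
E = 65537


def salt_entropy_bound(salted, prng_state_bits=None):
    """Upper bound in bits on the randomness wrapped around the DN.

    n decimal digits carry at most n*log2(10) bits; if both values come from
    one PRNG, its state size (prng_state_bits, an assumption) caps the total.
    """
    m = SALTED.match(salted)
    if m is None:
        raise ValueError("expected ***0.<digits>***<DN>***0.<digits>")
    capacity = (len(m.group(1)) + len(m.group(3))) * math.log2(10)
    return capacity if prng_state_bits is None else min(capacity, prng_state_bits)


def add_salt(dn, digits=16):
    """Wrap a DN in the same layout, drawing the digits from the OS CSPRNG."""
    def rnd():
        return "0." + "".join(str(secrets.randbelow(10)) for _ in range(digits))
    return f"***{rnd()}***{dn}***{rnd()}"


def encrypt(text):
    """Unpadded RSA: the same input always gives the same ciphertext."""
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("message too long for the toy modulus")
    return pow(m, E, N)


if __name__ == "__main__":
    print(f"format capacity: {salt_entropy_bound(SAMPLE):.1f} bits")
    print(f"with a 48-bit PRNG state: {salt_entropy_bound(SAMPLE, 48)} bits")
    print("unsalted repeats:", encrypt(DN) == encrypt(DN))
    print("salted repeats:  ", encrypt(add_salt(DN)) == encrypt(add_salt(DN)))
```

The two 16-digit decimals can hold about 106 bits between them, but the figure that matters is the smaller of that capacity and the state size of whatever generator produced them.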