[asterisk-users] Security communication dilemma: your help needed

Kevin P. Fleming kpfleming at digium.com
Sat Jan 10 11:28:51 CST 2009


Tzafrir Cohen wrote:
> On Sat, Jan 10, 2009 at 10:04:53AM -0600, Kevin P. Fleming wrote:
>> Tzafrir Cohen wrote:
>>
>>> Suggested modification)
>>>
>>> X also signs the message with his public key.
>>>
>>> (If X doesn't want to, this automated procedure will not apply)
>> I don't understand; if X signs the message using his public key, then
>> recipients would need X's private key to verify the signature. Who would
>> have that besides X?
> 
> Many people publish their public key on keyservers. 

Umm... you didn't answer my question! You proposed that X would sign the
message using his *public* key. Doing so requires that the recipients of
the message use his *private* key to verify the signature, since this is
asymmetric key encryption. Normally when an email message is signed, the
signature is created using the signer's private key, and the public key
is used to verify the signature. This is what I proposed in the original
message.

>>> The security alias processor has in its keyring the "approved" public
>>> keys. If the signature passes, the mail can be simply forwarded as-is. 
>> No, it can't. It has to be sent onwards to the recipients in encrypted
>> form, and the original message can't be sent to them because they don't
>> have the private key to use to decrypt the message (they would all need
>> the security@ private key to do so).
> 
> This means that the message can no longer be signed.

Why? It can be signed by the email processor so that A, B, C and D know
that it's a validly forwarded message, and the fact that the processor
forwarded it means the processor validated the signature from X on the
original message. This is a chain of trust that we'd be satisfied with.

>>> Rationale: I wouldn't want this delay for every message I send through
>>> the alias.
>> I don't imagine this would take more than a minute to process a message.
>> It would hardly be noticeable.
> 
> It makes email interactive. Email (by nature) isn't. I hate it when I
> have to confirm everything. Even more so when I have to do it every time
> around.

What would you have to confirm? You'd receive a message from security@,
which was signed and encrypted using keys you have in your keyring. Your
email client will offer to decrypt the message, and then verify the
signature. This is exactly the same as receiving any other encrypted
message; there is no 'confirmation' or interactivity.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kpfleming at digium.com
Check us out at www.digium.com & www.asterisk.org
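The flow Kevin describes, as an added example written for this page (not code from the thread, Asterisk or Digium): X signs with a private key, the security@ processor verifies against an approved keyring, then signs with its own key and encrypts to each recipient. Assumptions of mine: Ed25519 signatures and RSA-OAEP applied directly to a short body stand in for OpenPGP, and the names Forward, Receive, approved and procPriv are invented.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Forward is the security@ alias processor. A report is accepted only if its
// signature verifies under an approved public key (X signs with a private key;
// the public key is what verifiers hold). The processor then signs the body
// with its own key and encrypts body||signature separately to each recipient,
// so A, B, C and D each need only their own private key to read it.
func Forward(approved map[string]ed25519.PublicKey, procPriv ed25519.PrivateKey,
	recipients []*rsa.PublicKey, from string, body, sig []byte) ([][]byte, error) {
	pub, ok := approved[from]
	if !ok || !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("rejected: no valid signature from an approved key")
	}
	signed := append(append([]byte{}, body...), ed25519.Sign(procPriv, body)...)
	var out [][]byte
	for _, r := range recipients {
		// Direct RSA-OAEP on a short body; OpenPGP would wrap a session key instead.
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r, signed, nil)
		if err != nil {
			return nil, err
		}
		out = append(out, ct)
	}
	return out, nil
}

// Receive is one recipient's mail client: decrypt with its own private key,
// then check the processor's signature. A valid processor signature is the
// chain-of-trust evidence that the processor verified X's signature.
func Receive(procPub ed25519.PublicKey, priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, errors.New("decryption failed")
	}
	n := len(pt) - ed25519.SignatureSize
	if !ed25519.Verify(procPub, pt[:n], pt[n:]) {
		return nil, errors.New("not signed by the processor")
	}
	return pt[:n], nil
}

func main() {}
```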
