[Gpg4win-devel] Strength of X509

Werner Koch wk at gnupg.org
Thu Apr 22 10:14:12 CEST 2010 

On Thu, 22 Apr 2010 08:56, bernhard at intevation.de said:

> reasonable time frame. Also OpenPGP implementations are not as good on 
> checking the current validity like getting uptodate information if a 
> certificate is revoked.

The good thing is that OpenPGP and its implementaions allow to check for
revoked keys and diligent users actually do that for important
transactions.  It is entirely in the certificate/keys[1] owner's hand to
publish a revocation - no central authority is required.  With X.509 you
need to convince your CA to include your certificiate into a CRL and
then you need to convince users to actually check the CRL.  Given that
many large scale CAs have no proper rules on when to include a
certificates into a CRL (sometimes they put all expired certificates
into their CRLs), it really depends on your PKI and its organization
whether this all works.  As usual with OpenPGP a central authority is
not required and thus makes things easier.  It is possible to implement
a complete or partial central authority on top of OpenPGP.  Thus I
conclude that OpenPGP is a superset of what X.509 offers.

> To my knowledge the researchers you mention have mainly discovered 
> implementation and maintenance flaws. Both type of flaws will be there with 
> OpenPGP or any other system as well. Maybe PKI just attracts more research

The mayor drawback of X.509 is that it is too complex: In terms of its
goals, it options, its encodings and finally its implementations.  It is
impossible to get it right because there is no single interpretation of
one of the standards.

BYW, the Web of Trust as commonly used with OpenPGP is also a PKI - a
de-centralized one and not a centralized one as with X.509.

Aside from technical attacks on SSL there is the problem of governments
forcing CAs to issue fake certificates as described in Soghoian and
Stamm's recent paper[1].  The catch here is that browsers trust hundred
of certificates and thus they are all implicitly cross-certified.  Even
if you trust your own governemt not to spy on you, a foreign CA might
have been asked to create a fake certificate.  Although there are ways
to mitigate this threat any centrally controlled infrastructure is
inherently subject to such kinds of attacks.

> to unveil them. So the main criticism to X509 probably is that it is not 
> simple enough to be easily implemented.  I am no real expert, though.

Right.


Salam-Shalom,

   Werner


[1] In an attempt to unify key managers some of us once agreed on using
    the term certificate also for OpenPGP keys.  I am not anymore sure
    whether this was such a good idea, because people always associate
    "certificate" with X.509 and "key" (or correct "keyblock") with
    OpenPGP.  Using "certificate" in the context of OpenPGP seems
    to be confusing for most people.

[2] http://files.cloudprivacy.net/ssl-mitm.pdf

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gpg4win-devel mailing list