+1

This is primarily an architecture question.

/anders

----- Original Message ----- 
From: "Ian G" <i...@iang.org>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Friday, January 30, 2009 18:28
Subject: Re: X509 per machine (not per user) - or equivalent needed


On 30/1/09 17:07, Denis McCarthy wrote:

>> Is there a reason why you want certificates involved?  Why can't the
>> machine's website just have a drop-down or cookie or something that says
>> what store it is in?
>
> The reason why we want certificates involved is because in general we
> don't trust the user to do the right thing outside of working hours.
> This is the real digression we have between standard usage of X.509
> and our required usage.


No, this is nothing to do with X.509.  That's just a framework for 
public key cryptography and some static claims.  Which is little to do 
with what you are after.


> We don't want to issue John Doe who just got a
> job in Kwik-e-Mart with a personal certificate to transact business on
> behalf of his employer: we want to give him a username and password
> that will allow him to transact business through our application
> running on an already authenticated PC under the control of the
> Kwik-e-Mart IT department.


What you want is for the transactions only to be doable on designated 
PCs.  This sort of thing is normally considered to be a VPN question.

The reason it is considered a VPN question is because the use of certs & 
keys & passwords is too brittle.  The protection has to be outside, not 
inside. Consider that a private key is little more than a password (and 
in this context it is no more than a password).

   a.  PC has a password
   b.  user has a password
   c.  PC authenticates itself to the system
   d.  user authenticates herself to the system
   e.  user authorises a transaction
   f.  system accepts as authentic the transaction

That's it!  The problem of course here is that if the user wants to go 
loopy and do business on own-account, she just takes the PC password 
home and uses that (or if she is smart, she takes all the PC passwords, 
and "compromises" a friend's password, and does the business in a way 
that leads people to think it was a hacker...).

(The difference between the passphrase "password" and the X.509 
"password" is pretty meaningless here.)


> Then, the X.509 installation (and therefore
> the knowledge of the pass phrase to accomplish such an installation)
> can be performed by a trusted individual within the Kwik-e-Mart
> organisation, rather than John Doe (who might get criminal notions and
> put through transactions using his X509 certificate under his own name
> from his ADSL connection at home).



Um.  OK, I see it.  Well, X.509 won't solve that.  I don't mean to be 
rude, but what you need is architecture, not crypto or PKI or tech of 
any form.  This is not really the place for architecture (I wish it 
were! but it ain't).  What you need likely is some help in the general 
topics of authentication and authorisation and so forth.

If anyone mentions X.509 or public key or protocols to you, you are in 
the *wrong place*.  Apologies :)



iang


>> Can't you install a client-side cert in each browser, and then use
>> client-side SSL?  From inside your server-side application you can then read
>> out the client-side certificate info.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto