Robot CA at toehold.com

Kyle Hasselbacher kyle@toehold.com
Tue Dec 10 19:53:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Dec 10, 2002 at 12:56:05PM -0500, David Shaw wrote:

>Incidentally, what do you plan to do if/when your robot key gets
>compromised?  There are a lot of "Granny"s that will need their
>configurations updated.

Well, there's the Super Signer idea.  Granny would have a key that's
trusted to sign robot keys.  Right now that's just me, but it could be a
more formal non-human key.  I think it might as well be a list of trusted
operators, or perhaps the author of Granny's software.  In any case, it
could/should be something more secure than the robot itself.  A non-human
off in a safe somewhere is better than just my key, but I'll keep talking
about it as if it's just me for now.

When the robot is compromised, I revoke it.

Automated-like Granny's software notices the revocation.  It resubmits her
key to the robot to get a new signature.  It finds the new key that signed
Granny, and checks to see if it's signed by me (the Super Signer).  If so,
it can start trusting that key the way it trusted the old one.  If not,
she's stuck for the moment.  The software can try to resubmit again later.

Granny's contacts all go through the same procedure.  They look on their
favorite key server periodically for that revocation (daily?  hourly?).
When it happens, hopefully the operator already has a new key in place, and
everyone picks it up as they notice it.  As they all get resigned, they can
start encrypting again (or maybe they keep encrypting but with a gentle
warning).

The attacker has a window while the compromise is undiscovered.  After
that, there's a window for each user until the software catches up with the
new situation.

If the Super Signer is compromised, then it's the apocalypse.  But, that's
the nature of a CA.  If there's more than one Super Signer (the programmer
plus the operators) and more than one Robot CA, this gets easier.  If one
Super Signer gets revoked, Granny can still rely on the others (until she
gets a new list by upgrading her software (in 10 years)).

If there's more than one Robot CA, people get signed by two or three so
that when one gets compromised, their multiply-signed keys are still
"trusted" as far as Granny's software is concerned.  They still should get
a new signature when there's a compromise, but there's no rush to do it,
and no window where Granny has no way to trust their keys.

I'd really like to be just one of many Robot CA operators.  I think the
software could use a few more months of shakedown before it goes into
common usage, but ultimately it's an idea that works better if it's spread
around.

Considering the variety of opinions about how the robot should or should
not work, there could be robots with different policies.  Users can then
decide which policies they like best and trust those robots but not the
others.  (And by "users" I mean people writing Granny's software or real
GnuPG users capable of making those decisions.)
- -- 
Kyle Hasselbacher | Artificial intelligences make mistakes too, only faster.
kyle@toehold.com  |                              -- Larry Wall
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE99jhL10sofiqUxIQRAlv7AKDnFYzf0kIGq3QaW+gbKoTbKsvxnwCghUPW
eVZdpLwebF+N36ULu5jfzw4=
=DfE7
-----END PGP SIGNATURE-----