Re: PublicKeyFile Format Security Considerations

To: sommerfeld%east.sun.com@localhost
Subject: Re: PublicKeyFile Format Security Considerations
From: RJ Atkinson <rja%extremenetworks.com@localhost>
Date: Sat, 26 Jul 2003 10:44:43 -0400

On Friday, Jul 25, 2003, at 19:25 America/Montreal, Bill Sommerfeldwrote:

  The file format described by this document provides no mechanism
  to verify the integrity or otherwise detect tampering of the
  data stored in such files. It is the responsibility of the parties
  that create or exchange files written in this format to ensure that
  appropriate access controls are applied to such files, and that
  the files, if transfered, are exchanged over a trusted channel.

  The data encoded using this file format is sensitive.


"sensitive" in what sense?

  Implementors are cautioned to verify the correctness of the
  encoding/decoding routines used to save and read files in this
  format. A malfunctioning decoder used to read a public-key file
  will most likely produce unsound data of unknown cryptographic
  properties that in the worst case could be vulnerable various
  forms of cryptographic attack.


Suggested text fragment:

	"Given the potential of an adversary tampering with data stored
	in such files on filesystems, system-specific measures (e.g.
	Access Control Lists, UNIX permissions, other Discretionary
	and/or Mandatory Access Controls) SHOULD be used to protect
	these files."

(edit to taste)

Ran

Follow-Ups:
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

References:
- Re: PublicKeyFile Format Security Considerations
  - From: Bill Sommerfeld

Prev by Date: Re: PublicKeyFile Format Security Considerations
Next by Date: Re: WG Last Call on draft-ietf-secsh-auth-kbdinteract-05.txt
Previous by Thread: Re: PublicKeyFile Format Security Considerations
Next by Thread: Re: PublicKeyFile Format Security Considerations
Indexes:

Home | Main Index | Thread Index | Old Index