Review Videos for Lecture 9: Certificates

• Summer 2020 Slides
• Playlist (length: 50:33)

Intro to Key Management

Take some time to think of some solutions on your own before moving on!

Trusted Directory

Let's say the TD includes Bob's name in it's response, but puts the name outside of the signature. What attack can a MiTM now perform?

The attacker can register with the TD and get a signature for their own key, and spoof a response to Alice where they simply give their own public key, the signature of that key, along with Bob’s name. We need the name to be in the signature since then the attacker can’t spoof it.

Updating the Trusted Directory

(True/False) It is secure for Alice to use the same random nonce to request keys for multiple users.

True. Since the signature contains the name of the user, we just need the nonces to be non-repeating for each specific user. It doesn’t matter if another user has the same nonce

Drawbacks of Trusted Directory

(True/False) The main downside of TDs are that they don't scale well and are a central point of attack/trust/availability

True.

Digital Certificates

(True/False) Digital certificates remove the problem of a central point of attack that existed with TDs

False. They remove the central point of availability since anyone can store and provide certificates

Certificate Hierarchies

(True/False) If I am given Verisign's public key, I can verify a certificate for David

False. This relationship doesn’t form a certificate chain - you need the UC President’s public key as well

Revocation

(True/False) The main problem with revocation lists is that they take up a lot of space

False. The list would be fairly small (just certificates that happened to be corrupted and still valid). The problem is that browsers may not be properly downloading lists often enough.