*PKI Labs Conference Call*
May 13, 2003

*Attendees*

Neal McBurnett (convener) - Internet2

Sean Smith - Dartmouth

Eric Norman - Wisconsin

Jeff Schiller - MIT

Peter Honeyman - Michigan

Bob Morgan - Washington

Lisa Hogeboom - Internet2

Ben Chinowsky (scribe) - Internet2

*Discussion*

The group reviewed the minutes of the last meeting, as well as a summary of the federations BoF at the 2nd Annual PKI Research Workshop. Ben will make corrections to both. Peter's advocacy of ephemeral keys for federations led to a short discussion of the problem of key collisions. Sean noted that the likelihood of collisions depends not on the size of the key space, but on the size of the seed space used for the pseudo-random number generator that creates the keys. Sean observed that it's not clear whether this presents any real problems -- even for a PKI that makes use of ephemeral keys -- but suggested that it would make a good paper topic, if important real-world cases could be found where the seed space is smaller than the key space.
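Sean's point about seed space versus key space, worked through as an added example that is not part of the original minutes: the birthday bound is evaluated over both spaces and then checked by simulation. The toy generator `derive_key`, the 16-bit seed width and the 256-bit key size are assumptions chosen for illustration, not anything discussed on the call.

```python
import hashlib
import math
import random

KEY_BITS = 256   # nominal key space (assumed for the example)
SEED_BITS = 16   # deliberately small PRNG seed space (assumed)

def derive_key(seed: int) -> bytes:
    """Toy deterministic generator: the key depends on the seed and nothing else."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()

def collision_probability(n_keys: int, space_bits: int) -> float:
    """Birthday approximation: P(at least one repeat) among n_keys uniform
    draws from a space of 2**space_bits values."""
    exponent = n_keys * (n_keys - 1) / (2.0 * 2.0 ** space_bits)
    return -math.expm1(-exponent)  # 1 - exp(-x), accurate for tiny x

def keys_until_collision(seed_bits: int, rng: random.Random) -> int:
    """Issue keys from fresh random seeds until one repeats; return how many
    keys had been issued when the repeat appeared."""
    seen = set()
    while True:
        key = derive_key(rng.getrandbits(seed_bits))
        if key in seen:
            return len(seen) + 1
        seen.add(key)

def mean_keys_until_collision(seed_bits: int, trials: int = 200,
                              rng_seed: int = 1) -> float:
    """Average the experiment over several trials (fixed rng_seed for repeatability)."""
    rng = random.Random(rng_seed)
    return sum(keys_until_collision(seed_bits, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    n = 1000  # ephemeral keys issued
    print("P(collision) judged by key space :", collision_probability(n, KEY_BITS))
    print("P(collision) judged by seed space:", collision_probability(n, SEED_BITS))
    # Theory: about sqrt(pi/2 * 2**SEED_BITS) keys before the first repeat.
    print("predicted keys to first repeat   :", math.sqrt(math.pi / 2 * 2 ** SEED_BITS))
    print("simulated keys to first repeat   :", mean_keys_until_collision(SEED_BITS))
```

The keys are 256 bits wide in every run, yet repeats show up after a few hundred keys because only 2^16 distinct keys can ever be produced.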

Jeff is testifying on the security of P2P filesharing before the House Government Reform Committee this week. He's planning to argue that while from the end-user perspective P2P isn't that different from web or email, the key difference is that P2P is rapidly evolving and actively trying to subvert firewalls. It's easy to see the maintainers of firewalls as the good guys, but what if they're protecting a government that oppresses its citizens? Then the P2Pers trying to subvert the firewall become the good guys. Jeff noted that he and the others with whom he's testifying are bringing a common message to Congress: "This isn't something for you to step in and regulate."

Jeff has been looking into the prospect of the HE CA using iButton hardware (http://www.ibutton.com/ibuttons/java.html) for key storage and signing. Advantages of the iButton over smartcards include a larger memory, onboard power, and an internal clock; Jeff said that the iButton also has a nice development environment. Sean noted that he's heard good things about the iButton, but stressed the importance of doing our own testing -- e.g., to ensure that 2048-bit operations can be performed with reasonable speed -- rather than relying on vendor claims. Having the root key stored on an ultra-portable device makes it extra important to guard against the device being stolen. Jeff suggested that the iButton used for day-to-day signing be set up to zeroize in the absence of a keepalive signal receivable only in the immediate vicinity of the CA; he pointed out that as these devices are so cheap, having multiple backups stored in a physically secure location is no problem. The iButton is tamper-resistant -- it will zeroize itself if opened. Nevertheless, as the only true tamper-proofing involves using explosives (not an option for higher education), and as anyone serious enough about obtaining the CA root key to steal the iButton containing it would likely also be pursuing countermeasures to the device's tamper-resistance, Jeff suggested that there be a policy to reissue the key if the iButton is stolen. The iButton batteries are said to be good for four or five years. Jeff is continuing to look into HE CA issues; he expressed optimism about getting the HE CA launched by the July 1 target.

The next PKI Labs conference call will take place Tuesday, June 10, at 4:00 PM Eastern; this is 24 hours after the regularly scheduled time.