[Discuss] Why the dislike of X.509?

[bogstad at pobox.com (Bill Bogstad)]

On Mon, Aug 25, 2014 at 3:54 PM, Bill Ricker <bill.n1vux at gmail.com> wrote:

> ...
>
> (Which doesn't change that anything that smells like escrow smells
> 'off' to those who care about security that really works.  From what
> Rich has said re dates, his allergy to escrow likely stems from the
> same controversy as mine.
> http://www.cryptomuseum.com/crypto/usa/clipper.htm
> http://en.wikipedia.org/wiki/Clipper_chip#Backlash
>    X509 PKI is not normally considered an escrow regime in normal
> usage, but Rich is quite correct that central CAs or other registries
> have *abilities* that are hard to distinguish from Escrow - even if
> they never know your private key, they can at the very least forge
> another one with the same apparent identity, and so spoof you to
> others -- or spoof someone important to you.
>

I think there are still some significant differences between key escrow and
a X509 PKI system.   Please correct any errors.

Key Escrow - Holder of Key can read all your old messages, read any new
messages you create, and pretend to be you in a way that is
indistinguishable? from your own signing.

X509 PKI - Holder of a CA can't read old messages you sent, can't read any
new messages that you send,  can pretend to be you (but with a key that is
different from the one that you are using).  The pretending to be you is a
bit like the you/evil twin thing.   Recipient can't tell which one is the
real you, but can tell that two different entities are trying to claim to
be you based on the CA that they are using.  (Okay if they compromised the
CA that you actually used, that may not be true; but lets assume they
compromised Certs-R-Us instead of whatever ultra-secure CA that you used.)

Now while I see that PKI has issues, I think it is a little much to claim
that it is as bad as PKI.   Or maybe I'm missing something.

Bill Bogstad