[Discuss] Why the dislike of X.509?

[warlord at MIT.EDU (Derek Atkins)]

Richard Pieri <richard.pieri at gmail.com> writes:

> As an aside:
>
> On 8/26/2014 1:04 PM, Derek Atkins wrote:
>> You (or someone) also brought up Kerberos.  Kerberos *IS* a key escrow
>> system.  If an attacker breaks into your KDC they literally have all the
>> keys to your kingdom.  Not only can they impersonate anyone, they can go
>
> I operate a Kerberos realm. I am not able to tell my users their
> passwords. I don't have them. Kerberos stores one-way hashes of users'
> passwords. I could brute force the database with sufficient time but
> that is steps removed from having the actual keys in my hands.

Passwords?  We don't need no stinking passwords!  You don't need to know
your user's passwords, you have access to their keys!  If I could dump a
copy of your KDC database then I could then impersonate any user (or
server!) on your network and read all their traffic.  I don't need to
know their passwords to do that.

> A bad actor can do quite a bit with a compromised KDC but these things
> are well known. Steps to prevent compromise are well documented as are
> steps to identify compromised KDCs and mitigate the damage that they can do.

A bad actor can do *everything* with a compromised KDC.  Yes, there are
steps to prevent compromise, just like there are steps to prevent
compromise of an X.509 CA.  The main difference here is that if I
compromise your KDC I can now read all the previously-encrypted traffic,
whereas with a compromised X.509 CA all I can do is impersonate players
in the future.  I.e., a KDC Capture gives you *past* communications!

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available