#pki

Distributed #pki: Development and Use Cases
▻https://hackernoon.com/distributed-pki-development-and-use-cases-a828287a2e67?source=rss----3a8

https://cdn-images-1.medium.com/max/698/1*iPZz0h0raYuPvqSP5kr63w.jpeg

Distributed PKI isn’t a new idea. There are a lot of articles and attempts to implement the concept in practice. PKI (d) is based on the assumption that there are critical vulnerabilities in the process of issuance and management of certificates by CAs, so there is a need to decentralize certificate authority and make the process more transparent and difficult to compromise.The imperfections of centralized PKI rise to the surface once in a while, causing significant financial and reputational damage. One of the latest examples in mid-2018 describes researchers who found a brand new malware project using stolen digital certificates from several Taiwanese tech-companies, namely D-Link, to sign their malware and making them look like legitimate applications. What is baffling is that (...)

#what-is-pki #distributed-pki #public-key-cryptography #cryptography

KSI : Keyless Security Infrastructure

An Estonian, blockchain stack alternative to PKI, developed in 2007

▻https://guardtime.com/technology/ksi-technology

Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash-functions and the availability of a public ledger commonly referred to as a blockchain.

A blockchain is a distributed public ledger; a database of transactions such that there is a set of pre-defined rules as to how the ledger gets appended, achieved by distributed consensus of participants in the system.

The KSI blockchain overcomes three major weaknesses of mainstream blockchain technologies - which were designed to facilitate asset transactions - making KSI suitable also for cybersecurity and data governance applications:

• Scalability
• Settlement time
• Formal security proof

It can be used to help combat cyberattacks :

▻https://techcrunch.com/2016/12/05/how-blockchain-can-help-fight-cyberattacks

“The fundamental threat with PKI is that you need to base your security on the secrets (keys) and the people who manage them,” Johnson says. “That is very hard to do well and impossible to prove — just as in the real world you can‘t prove a secret has been kept, in the security world you can‘t prove a key has not been compromised.”

In contrast, instead of relying on secrets, blockchain-based security is predicated on distributing the evidence among many parties, which makes it impossible to manipulate data without being detected.

“Blockchain has eliminated the need for trusted parties to verify the integrity of data just as in the cryptocurrency example it eliminated the need for a centralized authority to act as a bank,” Johnson explains.

See also ▻https://seenthis.net/messages/540234

#blockchain
#PKI #KSI
#DDoS

“#X.509 Style Guide” by Peter Gutmann

▻http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

Do not be misleaded by the title: it is not a style guide but an implementation guide for the poor programmer forced to implement the cyptographic certificates X.509 standard. X.509 is one of the masterpieces of #ITU: bloated, badly written, self-contradictory and unusable as-is (you have to define profiles, which are restrictions of the standard, to do anything useful; for instance, the Internet relies on the #PKIX profile).

A great reading for the persons who write standards, and for the programmers. If you want to have an idea of how hell looks like, read this text and you will be glad to have a dull and stupid job, rather than being asked by your manager to process X.509 certificates.