hurricanes and digital commerce and financial cryptography

[Robert Hettinga <rah@shipwright.com>]

--- begin forwarded text


X-Sender: rodney@module-one.tillerman.nu
Date: Thu, 24 Sep 1998 07:32:20 -0400
To: dcsb@ai.mit.edu
From: Rodney Thayer <rodney@tillerman.nu>
Subject: hurricanes and digital commerce and financial cryptography
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Rodney Thayer <rodney@tillerman.nu>
Status: U

Ok, Anguilla has had it's liter of rainwater worth
of fame from this damn hurricane.  Time for South Florida.
So, ahem,...

It's Thursday and there's a hurricane coming.

There's plenty of beer in the starboard refrigerator and plenty
of frozen White Castle hamburgers in the port refrigerator.
The gas generator is all set to keep the server and the notebook
PC battery chargers running.  The local badly run telephone monopoly
claims it can keep the telephone network up, we'll see if they are
telling the truth when there's a foot of water on the road.

In spit of the crypto-refugee claims, there's plenty of crypto
work here, and this 'offshore' location is only about 100 feet
from the mainland so it's not actually exporting code when I
drive back to the office from the local computer store with the
PC in my car.

Here's my commerce question.  How often do people expect to cycle
private keys from PKI systems?  I mean, suppose you have a web
server, or an IPSec router, or some related device.  I would
assume you'd actually generate a new key pair every time you
get a new certificate.  So, for example, if you get a new
certificate every six months for a web server, you would use
a new private key.

It turns out there is some debate over this.  Some people assume
the private key lives essentially forever, and that you'd simply
get a new certificate against the same old key pair.  I myself
think this is rock stupid because one of the threat models is
that the private key gets stolen, and the longer it's used the
longer it's stealable.

This relates to hurricanes.

If you know any IPSec-aware routers, or any secure web servers,
or any other PKI-based devices, and they are in the Florida Keys,
you had better assume they'll need new key pairs as of some time Sunday.
You see, unless I've missed the "waterproofing" requirements in
FIPS 140 (the government security hardware standard), then those
boxes will all be under water and will require replacement.  So any
of these PKI Service Provider models that assume the private key is
immortal are about to be proven wrong.  And there better be something
in your revocation procedure for "the private key was destroyed by
an act of nature".  Look that up in your CPS and your Digital Signature
legislation.

But I need to go prepare, it's supposed to start getting exciting here
in Clearwater, some time today.

[I pass the torch to some DCSB subscriber in the New Orleans area...]

--------
Rodney Thayer <rodney@tillerman.nu>

"layer of sand separate transmitted and received packets".
(with apologies to Keith Law son.)


For help on using this list (especially unsubscribing), send a message to
"dcsb-request@ai.mit.edu" with one line of text: "help".

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'