application of attribute certificates in s/mime greg colla & michael zolotarev baltimore...

Application of Attribute Certificates in S/MIME

Greg Colla & Michael Zolotarev

Baltimore Technologies

47th IETF ConferenceAdelaide, March 2000

IETF47, Mar 2000, Adelaide

Overview

• S/MIME and PK Certificates• S/MIME Problems• Secure mail requirements• Possible solutions• E-mail Attribute Certificates• Practical Implementation• Issues

Attribute Certificates & S/MIME


S/MIME Certificate Usage

[email protected]

Verification – check signer’s e-mail address against sender’s addressEncryption – obtaining “encryptee’s” public key certificate

[email protected]



S/MIME Problems• Multiple e-mail addresses

– User has multiple e-mail addresses

• Maintenance of e-mail addresses– Change company name (and Internet domain)

• Security Proxy– a proxy signs and decrypts on behalf of many

users

• Privacy/Spam

[email protected]@dev.foo.com

[email protected]



Essential RequirementsAddress Aliasing:Associate a single entity with multiple e-mail addresses, with a single PKC.

Secure Proxying:Associate multiple entities, each with their own e-mail address, with a common PKC.

Address Sharing:Associate multiple entities, each with their own PKC, with a single e-mail address.



Solution Criteria

• Cryptographically bound association between an e-mail address and a public key

• Unambiguous reference from e-mail address to PK certificate(s)

• Dynamic extension of address set• Practical aspects

– Generation, distribution, publication, retrieval, verification

• Minimum of changes to current standards• Utilize existing infrastructure



Overview of Possible Solutions

1. Embed e-mail address into entity’s certa) One e-mail address per certificate, each with

same public key

b) One certificate with multiple e-mail addresses

2. AddressPKC association signed by entity– Authenticated attributes

3. AddressPKC association signed by TTP– Attribute Certificate



Attribute Certificates

• Flexible• Scalable• Standards Based• Available

Infrastructure

TTP (AA)

Owner

E-mail address

Signature

Other Attributes



Cryptographically bind e-mail addresses withGateway’s PK certificate

[email protected]

[email protected]

cn=Gateway

AC

[email protected]@foo.com

AC

E-mail Attribute CertificatesAttribute Certificates & S/MIME


E-mail Attribute Certificates

Cryptographically bind e-mail addresses with entity’s PK certificate

[email protected]

[email protected]

cn=Alice

AC

[email protected]@dev.foo.com

AC



Practical Implementation (1/5)

• Generation– Generation by an Attribute Authority(AA)

• TTP attests that the address is associated with the entity

• Request– By or on behalf of entity– Automatically by security proxy– By relying party (LAAP)




• Distribution & Retrieval– Generate by AA, publish in LDAP– Distribute as part of signed message– Retrieval based on e-mail address

• Validity & Revocation– Validity: as long as the PKC & e-mail

address remain valid – Revocation: use available standards




Retrieving attribute and PK certificates from LDAP

1.Use the from: or to: address from message as a search index

2.Request the directory to retrieve all attribute certificates from the matching entries

3.Out of all returned attribute certificates, select those with required e-mail address

4.Retrieve PK certificates referenced by selected attribute certificates

[email protected][email protected]=

attributeCertificate=

Alice’s new LDAP entry




Message Verification Walkthrough

– Retrieve e-mail AC(s) using sender’s address as index

– Retrieve PKC(s) referenced by AC(s)– Identify signing certificate– Validate ...– Validate the message




Message Encryption Walkthrough

– Retrieve e-mail AC(s) using recipient’s address as index

– Validate ...– Retrieve PKC(s) referenced by valid e-

mail AC(s)– Validate ...– Encrypt the message using valid

encryption certificate(s)



Other Considerations

• Privacy– Remove private information from PK

certificate– Different access control on PK certificate than

e-mail AC in directory– Different directories for email ACs and PKCs

• Security– Need to ensure that content of e-mail AC is

[email protected]



Comparison with existing Infrastructure

Existing• Multiple addresses in certificate• Re-issue keys in new certificate

with new e-mail address Supported by existing PK and

S/MIME infrastructure Difficult for large number of e-

mail addresses (ie security proxies)

Difficult to separate internal and external e-mail addresses

Contra to legislation in some countries

Proposed• Store E-mail address in e-mail

AC, which references PKC

• Issue e-mail AC’s as required Flexible method for

maintaining e-mail addresses Infrastructure available Supplements current S/MIME

infrastructure Supports security proxies Defined mechanism to retrieve

PKC’s from directory, AA Additions required to

processing module’s logic



Summary

• Maintenance of e-mail addresses limits S/MIME usability

• Attribute Certificates cryptographically bind e-mail addresses with PK certificates

• E-mail Attribute Certificates provide a flexible solution for maintaining e-mail addresses

• Supplements current infrastructure

• Localized modifications required to S/MIME components to utilize E-mail ACs

• E-mail ACs can be used to solve other S/MIME limitations


application of attribute certificates in s/mime greg colla & michael zolotarev baltimore...

Documents