Public key distribution in Sun's Secure RPC

Antony A. Courtney antony at george.lbl.gov
Fri Jun 21 01:15:55 AEST 1991 

My question is really pretty simple:

In Sun's Secure RPC, how does the system guarantee that the public keys
dsitributed in the Yellow Pages database publickey.byname are not forged?
Basically, how has Sun solved the problem of key distribution with their
public key system?

>From Sun's Security Features Guide, Chapter 6, "Secure Networking":

   DES Authentication	The security of DES authentication is based on a
			sender's ability to encrypt the current time,
			which the receiver can then decrypt and check
			against its own clock.  The timestamp is
			encrypted with DES.  Two things are necessary for
			this to work: 1) the two agents must agree on what
			the current time is, and 2) the sender and receiver
			must be using the same encryption key.

			...[ how time is synchronized]...

			Here's how the client and server arrive at the same
			encryption key.  When a client wishes to talk to
			a server, it generates a random key for encrypting
			the time stamps (among other things).  This key is
			known as the Conversation Key, CK.  The client
			encrypts the Conversation Key using a public key
			scheme, and sends it to the server in its first
			transaction.  This key is the only thing that is
			ever encrypted with public key cryptography.
			...

To my interpretation of the rest of the documentation, the public key used for
this first transaction is retrieved from the YP database publickey.byname. Now,
what is to stop a potential intruder from impersonating the YP server when the
client queries the YP server?  

If you prefer a scenario:

machine A wants to get a secure channel to B.
intruder is on machine C.
YP server is on machine S.

C keeps a copy of the public keys for lots of the local machines, including A
and B.

A sends an unencrypted request for B's public key to S.

C sees A's request and grabs it and C crashes S somehow.

C responds to A impersonating S, but instead of giving A B's public key, it
gives A C's public key, PKC.

A encrypts CK with PKC and sends it off to B.  C grabs it, decypts it, 
re-encrypts it with the REAL PKB and sends it to B.

C now knows the Conversation Key, CK, and can decrypt any communications
between A and B.



This isn't a new problem, I just want to know how Sun has solved it.



			antony
--
*******************************************************************************
Antony A. Courtney                                        antony at george.lbl.gov
Advanced Development Group                           ucbvax!csam.lbl.gov!antony
Lawrence Berkeley Laboratory                                     (415) 486-6692

More information about the Comp.unix.questions mailing list