[sclug] Re: [dev-crypto] SMIME Opinions
Chris Aitken
chris at ion-dreams.com
Mon Nov 29 15:55:43 UTC 2004
> > Our company is planning on implementing an SMIME service. The service
> > will allow individuals and organizations within the company to sign
> > and encrypt outbound documents/emails.
> >
> > The certificates for partners will be stored, with other info, in an
> > LDAP directory. The LDAP directory also has an entry for every
> > organization and person in our company.
>
> I'd have concerns about privacy and applicable data
> protection laws (if any), but assuming you've worked all that
> out, this sounds like a good idea.
Surely no more than details kept in /etc/passwd, or Microsoft's Active
Directory.
> > The current directive is that all private/public keypairs for
> > individuals and organizations within our company will be stored in
> > the LDAP directory.
>
> This sounds like a really bad idea. I'm not an LDAP expert,
> but isn't the idea of LDAP to provide *access* to data?
> Whereas the whole point of private keys is that they should
> be kept private, ie. secret?
To an extent. Generally (OpenLDAP) you can bind as an anonymous user and
view *most* branches & trees (does that make a uid a leaf?). Bind as a
particular user, and you'll have access to your password. The Admin CN will
have access to everything.
> There is always a tradeoff between keeping a secret secret,
> and keeping it safe: a secret that nobody knows is very
> secret, but not much use, whereas a secret that lots of
> people know is unlikely to be lost, but isn't much of a
> secret either. IMHO this proposal is not a good answer to
> this dilemma.
>
> If I had to come up with a counter-proposal, I'd keep the
> certs on the LDAP server, but keep the private keys on the
> users' personal workstations, with a suitable offline backup
> regime to ensure against loss of the private keys. Something
> like putting each key onto eg. a writable CD and putting all
> the CDs into a safe ought to do it.
One of the base LDAP schemas has the relevant bumph for storing X.509
certificates in. http://devel.linvision.com/doc/lih/v0.4/certificates.html
Probably not best to store the private keys in though.
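As an added example (not from this thread or from any project it mentions): a small Python check a directory administrator could run over an LDIF export to confirm it holds certificates only and no private key material. It flags the RFC 2798 userPKCS12 attribute (a PKCS#12 PFX carries the private key) and any PEM private-key block hidden in a base64 value, while leaving userCertificate alone; the two sample entries are constructed.

```python
import base64
import re

# Constructed sample export. alice's entry carries only a certificate; bob's
# carries a PKCS#12 blob and a PEM key inside a folded, base64 description.
PEM_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIB(constructed)\n-----END RSA PRIVATE KEY-----"
_B64_KEY = base64.b64encode(PEM_KEY.encode()).decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "userCertificate;binary:: " + base64.b64encode(b"\x30\x82cert").decode() + "\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "userPKCS12:: " + base64.b64encode(b"\x30\x82pfx").decode() + "\n"
    "description:: " + _B64_KEY[:40] + "\n " + _B64_KEY[40:] + "\n"
)
PRIVATE_KEY_ATTRS = {"userpkcs12"}  # RFC 2798 PKCS#12 PFX: holds the private key
PEM_KEY_MARKER = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def parse_ldif(text):
    """Minimal LDIF reader: unfolds lines, decodes '::' base64 values."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        dn, attrs = None, []
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip())
            else:
                value = value.strip().encode()
            if name == "dn":
                dn = value.decode()
            else:
                attrs.append((name, value))
        entries.append((dn, attrs))
    return entries

def find_private_key_material(text):
    """Return (dn, attribute, reason) for every value that holds a private key."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for name, value in attrs:
            base = name.split(";")[0].lower()  # drop options such as ;binary
            if base in PRIVATE_KEY_ATTRS:
                findings.append((dn, name, "PKCS#12 blob present"))
            elif PEM_KEY_MARKER.search(value):
                findings.append((dn, name, "PEM private key in value"))
    return findings
```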