KeySigningServerDesc.12.Jan.95

This is a brief description of how the Kerberos-based PGP key-signing
server works (as presently understood).

Jeff Hodges & Roland Schemers, Stanford
(based on code from and conversations with Ted Ts'o of MIT)

                   +-----------------------+
                   | Kerberos Auth service |
                   +-----------------------+
                               ^
                               |
    [ user authenticates (1) ] |
                               |
                               V
                                                  +----------------------+
   o         [ user xmits public key    ]         | Kerberized           |
  \|/   -----[ to KSS via authenticated ]-------> | Key Signing Server   |
  / \        [ session. (2)             ]         | (KSS)                |
  user                                            |                      |
   |    <-------[ KSS returns signed ]-------     |                      |
   |            [ certificate. (3)   ]            +----------------------+
   |
   |
   V
 [ user distributes his signed public key certificate. (4) ]
   ^
   |
   |
 [ Other users, using various clients, e.g. email, obtain public key ]
 [ certificates as-needed, including that of the KSS. (5)            ]

                +--------------------------------------+

(1) In this scenario, the user simply authenticates as usual, typically
    when arriving for the day. Many tools that he uses -- e.g. AFS,
    email, etc. -- require it.

(2) The user uses PGP tools to generate his PGP public & private key
    pair. He keeps his private key securely to himself, and uses a
    simple tool to send his public key to the KSS for certification.
    This tool uses an authenticated session since the user is already
    authenticated and has a Ticket Granting Ticket.

(3) The KSS returns the signed certificate. Its signing of the
    certificate is based upon the user already being authenticated via
    the Kerberos authentication service. The KSS does some simple
    verification on the user id in the public key before signing it.
    For example, these checks might be that it only signs keys with
    user ids of the form: user@leland.stanford.edu or user@stanford.edu.
    The certificate, signed with the KSS's private key, is sent to the
    user. Additionally, as a part of fielding the KSS, its public key
    is made available to the network at large in some manner.

(4) The user distributes his signed public key certificate. He can do
    this in various manners. Currently he can distribute it to the
    various public key distribution servers that are popping up around
    the Internet. Other options might include distribution via his
    organization's white pages server or specific public key
    distribution server. The KSS's public key may also be distributed
    in these fashions.

(5) Other users who wish or need to use the original user's public key
    obtain his certificate and that of the KSS from the various
    distribution venues, and use the KSS's public key to verify the
    user's certificate, and then utilize his public key. For example,
    they may use it to decrypt and verify an email message from the
    user, or they may be sending him a private message they wish to
    encrypt in his public key.
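
The user-id verification described in step (3), sketched as an added example; it is not code from the original server or its authors. The realm name, the "Name <address>" user-id layout, the account-name pattern, and the rule that the address local part must equal the authenticated principal are assumptions made for illustration.

```python
import re

# Assumptions (not from the original description): the realm name, the
# "Name <address>" user-id layout, the account-name pattern, and the rule
# that the address local part must equal the authenticated principal.
ALLOWED_DOMAINS = {"leland.stanford.edu", "stanford.edu"}  # forms named in step (3)
ASSUMED_REALM = "STANFORD.EDU"  # hypothetical realm name

# A bare address, or "Free Text <address>": one address, nothing trailing,
# and no "@" allowed in the free text so it cannot pose as an address.
_USERID_RE = re.compile(r"^(?:[^<>@]*<([^<>\s]+)>|([^<>\s]+))$")
_LOCAL_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")


def userid_address(user_id):
    """Return the e-mail address inside a PGP user id, or None if malformed."""
    m = _USERID_RE.match(user_id.strip())
    if not m:
        return None
    return (m.group(1) or m.group(2)).lower()


def may_sign(principal, user_id):
    """Decide whether the KSS should certify user_id for this principal.

    Returns (ok, reason). principal is the client name taken from the
    authenticated session, e.g. "jdoe@STANFORD.EDU" (constructed sample).
    """
    name, sep, realm = principal.partition("@")
    if not sep or realm != ASSUMED_REALM:
        return False, "principal not in the expected realm"
    if "/" in name:
        return False, "instance principals (user/admin, host/...) are not users"
    addr = userid_address(user_id)
    if addr is None or addr.count("@") != 1:
        return False, "user id is not a single well-formed address"
    local, domain = addr.split("@")
    if domain not in ALLOWED_DOMAINS:
        return False, "domain not in the allowed forms"
    if not _LOCAL_RE.match(local):
        return False, "unexpected characters in local part"
    if local != name.lower():
        return False, "user id does not belong to the authenticated principal"
    return True, "ok"
```

The domain comparison is an exact match against the allowed set rather than a suffix or substring test, so a user id such as jdoe@stanford.edu.example.org is refused.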