[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]
Roger.Clarke at xamax.com.au
Mon Aug 16 09:43:03 EST 2010
There's an all-too-common mistake that pervades discussions about
People blithely assume that second-party identity is central to commerce.
But, mostly, it isn't.
In a bazaar, at the markets, at a fete, the identity of the other
party is close to irrelevant. What you see is what you get.
Authenticate the goods.
Looking at it from the other side, the identities of the faces in the
crowd are all-but irrelevant. What you see is what you get.
Authenticate the money they're offering.
Still gave a couple of other examples of assertions that are worth
authenticating in particular situations (e.g. is the money I've just
put in that unknown person's hands enough to create the incentive for
him to disappear to Brazil with it, or is there enough motivation for
him to come back with my pie and change?).
In more formalised markets, there are circumstances in which identity
matters, but plenty where it's again all-but-irrelevant.
Who did you buy your shares from? (Not 'who did you buy them
*through*?', but from?). They're a commodity, i.e. undifferentiated
- any is as good as any other. The exchange and the share registry
between them warrant that you're getting the shares as described. A
trader depends on authentication of the traded item, not of the
identity of the second party.
(Agreed that identity has some relevance in the example: we probably
take a bit more care about choosing a broker, because in
share-trading we have more exposure to our agents and the
intermediaries than to the second-party. And sometimes the identity
of the originator of the goods (rather than of the seller) is
important - are you *sure* that's a genuine Rolex / Picasso?).
But identity authentication is hard, expensive, onerous, and full of
security issues - not least the fact that Stephen's article stressed:
the means that are used to perform identity authentication are
readily exploited in order to achieve identity fraud.
Ergo: try to design your systems so that they manage risk by
authenticating the important assertions, and try to avoid the costs,
onerousness, uncertainties and insecurities of identity
Now, does anyone want to talk about attribute certificates? (:-)}
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University