'User Certs' [Was Re: [LINK] PayPal to combat phishing with key fobs

Roger Clarke Roger.Clarke at xamax.com.au
Sun Jan 14 17:07:29 AEDT 2007

Some observations about signing by users.

1.  In general I agree with what Craig says, but ...

2.  It's important to avoid the commonly-used shorthand, because it's
     misleading in an important manner.

     The certificate and the 'private digital signature key' need to be

     All sentences that refer to 'something that the user knows' need to
     use the term 'private key' and the generation of a 'digital signature'.

     All sentences that refer to how the server-side / fin'l instn uses
     the digital signature to perform authentication of the client need
     to use the term 'certificate'.

     I know it's pedantic but it matters.  All manner of blunders are
     being made by user organisations, and by the under-educated sales
     people working for suppliers, because the language has been
     allowed to slip, and misinformation is being spread all over the

3.  A decade ago, when people mistakenly thought that PKI would help,
     I was deeply involved in a lot of work, variously consultancy and
     research.  These are about as crisp as anything I wrote back then:
     http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html#Pte (1997)
     http://www.anu.edu.au/people/Roger.Clarke/DV/PKIPosn.html (1998)
     http://www.anu.edu.au/people/Roger.Clarke/II/ECIS2001.html (2001)

     The conclusion was, and remains:

"Conventional PKI involves enormous complexity, effort and expense, 
in return for insecure protections, very weak evidence, and very 
limited recourse. Both corporations and individuals, including 
consumers, citizens, employees and contractors (especially those in 
sensitive circumstances) should have serious doubts about schemes of 
this nature being inflicted upon them."

At 16:19 +1100 14/1/07, Craig Sanders wrote:
>>about the only thing that might work is client-side certificates.
>all banking sites need to do to enable that is to have an option where
>the user can upload their public certificate and click an option that
>says "only allow connections from this certificate".
>alternatively, a button at the bank site to generate a client
>certificate and download it to the client.
>of course, phishers can still attack windows users by sending out
>viruses/trojans that look for and steal certificate files. fortunately,
>it is possible to protect them with a pass-phrase (which doesn't get
>sent to a remote web site).
>a client certificate would be another instance of "something you have"
>- another level of authentication...but because it's digital and is on
>the client's computer, is easier to copy/steal than a separate hardware
>device like a key-chain gizmo.

Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list