[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]
swilson at lockstep.com.au
Mon Aug 16 05:12:37 AEST 2010
Kim Holburn wrote:
> On 2010/Aug/15, at 4:46 PM, Stephen Wilson wrote:
>> What would 'Internet scale' authentication look like? What would it
>> provide, and what would it be used for?
> Off the top of my head:
> It sounds like we're trying to map a mathematical encryption model
> onto a human trust system. That mapping could only map to a very
> small part of a human trust system.
By the same token, imposing the "human trust system" on the Internet is
where I think the wheels fall off. Why don't we accept that on the
Internet nobody can tell you're a dog? If you want to "trust" someone
then you have to do something out of band. If we reframed the "trust"
problem more carefully (in terms of what information is needed in order
to authenticate a party for the purposes of a given transaction) then we
would do better with the medium. In e-business, "trust" is usually a
red herring, insofar as what I need to know in order to accept most
routine transactions (prescriptions, orders, tax returns, payment
instructions ...) is precisely defined credential information.
Pharmacists for instance don't need to "trust" doctors; instead they
need to trust the medical credential system. The stated aim of early
Big PKI was to enable "stranger to stranger" e-business. That was
always hyperbolic nonsense. Strangers don't do business in the real
world; what makes us wish this to be otherwise on the Internet?
> Internet scale: Hmmm.... security of transactions between users and
> websites on a world-wide basis? International as opposed to
> in-country business. We don't really have a normal way to trust
> businesses in other countries do we?
Let's frame the problem more precisely. We do have ways to recognise
defined qualifications across borders. If I break my leg overseas and
get treated in a hospital, then when I get home, my doctor and my
insurance company can indeed recognise the credentials of the overseas
providers, and "trust" them, and pay my bills (or not). There are many
many cross recognition schemes for professional qualifications etc. And
for technical test regimes. A car or TV built in Korea can be certified
to Australian standards before they export it. Open ended trust is not
the issue in e-business. PKIs can be built to mirror existing
authorisation and cross recognition systems.
> Perhaps the whole idea of a PKI as a solid thing that somehow mirrors
> what we have with paper and human communication is just not possible.
> Certainly not at an international level where we have no model
> anyway. The internet is much more volatile and also wide ranging
I agree. If there is a fatal problem with orthodox Big PKI it is that
the framework could provide "trust". Successful contemporary PKIs
(plural) work well by being more modest, and more self-contained. The
problem they solve now is how to convey specific qualifications or
relationships via digital certificates, to be used to automate certain
types of routine transactions. Good examples are the G2C PKIs of
Denmark and Estonia, the healthcare PKIs of Austria, France, Slovenia
and Taiwan, the conveyancing system in New Zealand, the set-top box PKI
of the cable TV industry, and Skype.