[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]

Roger Clarke Roger.Clarke at xamax.com.au
Mon Aug 16 09:43:03 AEST 2010


There's an all-too-common mistake that pervades discussions about 
authentication.

People blithely assume that second-party identity is central to commerce.

But, mostly, it isn't.

In a bazaar, at the markets, at a fete, the identity of the other 
party is close to irrelevant.  What you see is what you get. 
Authenticate the goods.

Looking at it from the other side, the identities of the faces in the 
crowd are all-but irrelevant.  What you see is what you get. 
Authenticate the money they're offering.

Still gave a couple of other examples of assertions that are worth 
authenticating in particular situations (e.g. is the money I've just 
put in that unknown person's hands enough to create the incentive for 
him to disappear to Brazil with it, or is there enough motivation for 
him to come back with my pie and change?).

In more formalised markets, there are circumstances in which identity 
matters, but plenty where it's again all-but-irrelevant.

Who did you buy your shares from?  (Not 'who did you buy them 
*through*?', but from?).  They're a commodity, i.e. undifferentiated 
- any is as good as any other.  The exchange and the share registry 
between them warrant that you're getting the shares as described.  A 
trader depends on authentication of the traded item, not of the 
identity of the second party.

(Agreed that identity has some relevance in the example:  we probably 
take a bit more care about choosing a broker, because in 
share-trading we have more exposure to our agents and the 
intermediaries than to the second-party.  And sometimes the identity 
of the originator of the goods (rather than of the seller) is 
important - are you *sure* that's a genuine Rolex / Picasso?).

But identity authentication is hard, expensive, onerous, and full of 
security issues - not least the fact that Stephen's article stressed: 
the means that are used to perform identity authentication are 
readily exploited in order to achieve identity fraud.

Ergo:  try to design your systems so that they manage risk by 
authenticating the important assertions, and try to avoid the costs, 
onerousness, uncertainties and insecurities of identity 
authentication.


Now, does anyone want to talk about attribute certificates?  (:-)}



-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University


