[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]

Stephen Wilson swilson at lockstep.com.au
Mon Aug 16 14:35:14 AEST 2010

Yup, there were some sweeping generalisations implicit in my assertion 
that "strangers don't do business in the real world".  I have a sense of 
what "serious" e-business means in the main online, and I accept it's a 
biased view.  But what interests me the most in the context of 
electronic authentication are relatively high volume, relatively high 
risk, and highly formalised transactions: e-health orders, 
govt-to-citizen forms, banking, conveyancing, superannuation management 
... These are more prosaic than most Web 2.0 applications, but they are 
where the money is, in terms of providing serious ROI for e-commerce 
going fast and paperless.

To paraphrase Roger, what often matters when deciding whether or not to 
transact is not *who* the party is, but rather *what* the party is.  
That is, their credentials often matter more than their identity.

One of the tragic missteps in orthodox PKI was the idea that *all* 
digital certificates had to embody a 100 point check, regardless of what 
those certificates were intended to be used for.  The environment that 
in the mid 1990s led to this arbitrary identification rule included (a) 
the ridiculous metaphor that PK certificates were like "electronic 
passports" which meant a general expectation that we would each need 
only one certificate, (b) no actual experience of e-commerce, and (c) 
heavy involvement of defence departments before crypto export controls 
were relaxed in the early '00s (not only did defence impose a forensic 
obsession with personal identity, they also tended to oppose the view 
that we might sensibly exercise more than one "identity").  It was never 
clear to me that an evidence of identity rule crafted in the 1980s to 
deal with financial fraud would automatically be useful for Internet 
transactions decades later.  Yet the 100 point check got rusted on to 
orthodox PKI years before any significant e-commerce occurred.  
Logically, there can't have been any actual risk assessment of 
e-commerce to indicate that a 100 point check was an effective measure.  
Instead, the 100 point check was adopted merely as a lazy extension of 
the passport metaphor.  One of the crazy artefacts of early Gatekeeper 
was that Medicare's certificates issued to doctors actually didn't 
convey any of the doctors' medical credentials, and so proved useless in 

More modern PKI formulations allow for multiple certificates, each 
issued under registration rules that are fit for purpose and crafted 
according to a community's needs.  The Gatekeeper program has the option 
now of "Relationship Certificates" which convey information about the 
Subject's membership of a defined group, and not their personal 
identity. When you digitally sign a transaction using a Relationship 
Certificate, a specific set of credentials get baked into the 
transaction, and those credentials remain easily verified for years and 
years later, which is beneficial in e-health, e-conveyancing, business 
banking and the like.

More at http://lockstep.com.au/library/pki/relationship_certificates.
and http://lockstep.com.au/library/pki/known-customer-certificates-a

Roger mentioned Attribute Certificates.  My view is these are very minor 
curiosities.  The classical Attribute Certificate (AC) was imagined to 
convey a specific property that a user would join via their "identity 
certificate" to a transaction.  ACs presume that authorisation is 
separate from and secondary to "authentication", that we will all have a 
general purpose "identity certificate", and that the identity 
certificate is 'strong enough' for all or most conceivable 
transactions.  ACs failed because no general purpose identity 
certificate eventuated (and it never will in my view, mainly because 
identity doesn't matter universally, and even if it did, how would we 
ever codify a global identity registration process?).  ACs also require 
extra programming interfaces and complexities. 

For those types of transactions that merit digital signatures (and not 
all do obviously) it turns out to be much more elegant to use a special 
purpose PK certificate embodying the authority information ('attribute') 
of interest, than it is to use an AC and a separate identity certificate. 




www.lockstep.com.au <http://www.lockstep.com.au>
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.  Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.

Roger Clarke wrote:
> There's an all-too-common mistake that pervades discussions about 
> authentication.
> People blithely assume that second-party identity is central to commerce.
> But, mostly, it isn't.
> In a bazaar, at the markets, at a fete, the identity of the other 
> party is close to irrelevant.  What you see is what you get. 
> Authenticate the goods.
> Looking at it from the other side, the identities of the faces in the 
> crowd are all-but irrelevant.  What you see is what you get. 
> Authenticate the money they're offering.
> Still gave a couple of other examples of assertions that are worth 
> authenticating in particular situations (e.g. is the money I've just 
> put in that unknown person's hands enough to create the incentive for 
> him to disappear to Brazil with it, or is there enough motivation for 
> him to come back with my pie and change?).
> In more formalised markets, there are circumstances in which identity 
> matters, but plenty where it's again all-but-irrelevant.
> Who did you buy your shares from?  (Not 'who did you buy them 
> *through*?', but from?).  They're a commodity, i.e. undifferentiated 
> - any is as good as any other.  The exchange and the share registry 
> between them warrant that you're getting the shares as described.  A 
> trader depends on authentication of the traded item, not of the 
> identity of the second party.
> (Agreed that identity has some relevance in the example:  we probably 
> take a bit more care about choosing a broker, because in 
> share-trading we have more exposure to our agents and the 
> intermediaries than to the second-party.  And sometimes the identity 
> of the originator of the goods (rather than of the seller) is 
> important - are you *sure* that's a genuine Rolex / Picasso?).
> But identity authentication is hard, expensive, onerous, and full of 
> security issues - not least the fact that Stephen's article stressed: 
> the means that are used to perform identity authentication are 
> readily exploited in order to achieve identity fraud.
> Ergo:  try to design your systems so that they manage risk by 
> authenticating the important assertions, and try to avoid the costs, 
> onerousness, uncertainties and insecurities of identity 
> authentication.
> Now, does anyone want to talk about attribute certificates?  (:-)}
