[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]
swilson at lockstep.com.au
Mon Aug 16 14:35:14 AEST 2010
Yup, there were some sweeping generalisations implicit in my assertion
that "strangers don't do business in the real world". I have a sense of
what "serious" e-business means in the main online, and I aceept it's a
biased view. But what interests me the most in the context of
electronic authentication are relatively high volume, relatively high
risk, and highly formalised transactions: e-health orders,
govt-to-citizen forms, banking, conveyancing, superannuation management
... These are more prosaic than most Web 2.0 applications, but they are
where the money is, in terms of providing serious ROI for e-commerce
going fast and paperless.
To paraphrase Roger, what often matters when deciding whether or not to
transact is not *who* the party is, but rather *what* the party is.
That is, their credentials often matter more than their identity.
One of the tragic misteps in orthodox PKI was the idea that *all*
digital certificates had to embody a 100 point check, regardless of what
those certificates were intended to be used for. The environment that
in the mid 1990s led to this arbitrary identification rule included (a)
the ridiculous metaphor that PK certificates were like "electronic
passports" which meant a general expectation that we would each need
only one certificate, (b) no actual experience of e-commerce, and (c)
heavy involvement of defence departments before crypto export controls
were relaxed in the early '00s (not only did defence impose a forensic
obsession with personal identity, they also tended to oppose the view
that we might sensibly exercise more than one "identity"). It was never
clear to me that an evidence of identity rule crafted in the 1980s to
deal with financial fraud would automatically be useful for Internet
transactions decades later. Yet the 100 point check got rusted on to
orthodox PKI years before any significant e-commerce occured.
Logically, there can't have been any actual risk assessment of
e-commerce to indicate that a 100 point check was an effective measure.
Instead, the 100 point check was adopted merely as a lazy extension of
the passport metaphor. One of the crazy artefacts of early Gatekeeper
was that Medicare's certificates issued to doctors actually didn't
convey any of the doctors' medical credentials, and so proved useless in
More modern PKI formulations allow for multiple certificates, each
issued under registration rules that are fit for purpose and crafted
according to a community's needs. The Gatekeeper program has the option
now of "Relationship Certificates" which convey information about the
Subject's membership of a defined group, and not their personal
identity. When you digitally sign a transaction using a Relationship
Certificate, a specific set of credentials get baked into the
transaction, and those credentials remain easily verified for years and
years later, which is beneficial in e-health, e-conveyancing, business
banking and the like.
More at http://lockstep.com.au/library/pki/relationship_certificates.
Roger mentioned Attribute Certificates. My view is these are very minor
curiosities. The classical Attribute Certificate (AC) was imagined to
convey a specific property that a user would join via their "identity
certificate" to a transaction. ACs presume that authorisation is
separate from and secondary to "authentication", that we will all have a
general purpose "identity certificate", and that the identity
certificate is 'strong enough' for all or most conceivable
transactions. ACs failed because no general purpose identity
certificate eventuated (and it never will in my view, mainly because
identity doesn't matter universally, and even if it did, how would we
ever codify a global identity registration process?). ACs also require
extra programming interfaces and complexities.
For those types of transactions that merit digital signatures (and not
all do obviously) it turns out to be much more elegent to use a special
purpose PK certificate embodying the authority information ('attribute')
of interest, than it is to use an AC and a separate identity certificate.
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy. Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.
Roger Clarke wrote:
> There's an all-too-common mistake that pervades discussions about
> People blithely assume that second-party identity is central to commerce.
> But, mostly, it isn't.
> In a bazaar, at the markets, at a fete, the identity of the other
> party is close to irrelevant. What you see is what you get.
> Authenticate the goods.
> Looking at it from the other side, the identities of the faces in the
> crowd are all-but irrelevant. What you see is what you get.
> Authenticate the money they're offering.
> Still gave a couple of other examples of assertions that are worth
> authenticating in particular situations (e.g. is the money I've just
> put in that unknown person's hands enough to create the incentive for
> him to disappear to Brazil with it, or is there enough motivation for
> him to come back with my pie and change?).
> In more formalised markets, there are circumstances in which identity
> matters, but plenty where it's again all-but-irrelevant.
> Who did you buy your shares from? (Not 'who did you buy them
> *through*?', but from?). They're a commodity, i.e. undifferentiated
> - any is as good as any other. The exchange and the share registry
> between them warrant that you're getting the shares as described. A
> trader depends on authentication of the traded item, not of the
> identity of the second party.
> (Agreed that identity has some relevance in the example: we probably
> take a bit more care about choosing a broker, because in
> share-trading we have more exposure to our agents and the
> intermediaries than to the second-party. And sometimes the identity
> of the originator of the goods (rather than of the seller) are
> important - are you *sure* that's a genuine Rolex / Picasso?).
> But identity authentication is hard, expensive, onerous, and full of
> security issues - not least the fact that Stephen's article stressed:
> the means that are used to perform identity authentication are
> readily exploited in order to achieve identity fraud.
> Ergo: try to design your systems so that they manage risk by
> authenticating the important assertions, and try to avoid the costs,
> onerousness, uncertainties and insecurities of identity
> Now, does anyone want to talk about attribute certificates? (:-)}
More information about the Link