Trustworthy contacts

Owen Lewis ukcrypto at maillist.ox.ac.uk
Thu, 14 Sep 2000 12:34:53 +0100 

----- Original Message -----
From: "David Hansen" <davidh@spidacom.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 12 September 2000 11:10
Subject: Re: Trustworthy contacts


> > Too damn right it is. My company owns the data and intellectual
> > property it creates (we do not create personal data). [snip] Conversely,
> > where others send us data (for analysis or whatever) that data is not
> > owned by us but by whichever company sends us the copy.
>
> An excellent example of why a hierachical model will not work. Unless
> you and the other company are controlled by a holding company then
> you don't have the sort of permanent relationship a hierachy implies.
> Rather you make and break relationships as necessary. The public key
> model fits this sort of relationship, the secret key model does not.

Interesting. Certainly one is never in a hierarchical relationship with
customers. Yet PKI offers little of especial for some such relationships.
All one's customers need to communicate securely to one as the provider of a
confidential service; they *never* need to communicate securely with each
other. One needs to hold discrete keys for all one's customers. They only
need to hold the one key to communicate to you. If they lose of mismanage
that key, they can only compromise the security/integrity of information of
importance to them. Use ephemeral keys and the damage is (should be) very
limited, even if the compromise is at the communications hub. The 'supplier'
provides the cipher system and seed keys to those that need them. After
seeding, the cryptosecurity is entirely transparent to the users unless the
link ever needs re-seeding. Seeding and re-seeding can only be initiated
from the hub and then only with authorisation.

> This trading needs to be done quickly, without waiting for key
> material to be delivered from a "trusted" party. There are risks with
> a public key system, these are manageable just like the many other
> risks businesses face.

I think there is a distinction between, on the one hand, securing the
transfer of monetary value and assuring  identity and, on the other hand, a
continual flow of confidential information between trading partners. PKI has
advantages for the former, especially in the b-to-r sector. They do not
offer the same unique advantages in the latter case.

Owen