PKI creed (was Re: Trustworthy contacts)

Brian Gladman ukcrypto at maillist.ox.ac.uk
Fri, 15 Sep 2000 11:40:43 +0100


From: "Dave Bird" <dave@xemu.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: Thursday, September 14, 2000 9:31 PM
Subject: Re: PKI creed (was Re: Trustworthy contacts)


>
> In article <3.0.5.32.20000914063541.0082ec40@spiritone.com>, Carl
> Ellison <cme@acm.org> writes
> >This is a mistake Diffie and Hellman made in their original paper -- that
> >has been propagated down through the decades.  They said to build a
> >directory of names to keys, then you can look me up in the directory, get my
> >key and send me a message.  Fine theory.  How do you find me in the
> >directory?  You can't use a name.  There are too many Carl Ellison entries.
>
>  Well, I have argued a model in which we deal with identity much as we
>  do in the everyday world but then add public keys on top.  For example,
>  to find out who the hell you were in practical terms, I would ask a
>  couple of people I know at ACM.  I would expect your key to be signed
>  by the ACM organisational key and, if I didn't have that, I'd ask
>  my friends to send me a signed copy of the ACM key or key fingerprint.

I agree - we must evolve from where we are.  In the real world we have lots
of well developed human ways of making sure that those with whom we are
exchanging information are who we think they are.  And provided we can
manage our respective local namespaces in a way that provides for such human
intervention and control we are probably not going to make too many
mistakes.

But it is not obvious (to me at least) how we can engineer our systems in
such a way that this can happen locally and yet we can still achieve a
significant level of global interoperability.  SDSI and other approaches in
which wider relationships are established between entities in local name
spaces (i.e. my John Smith = your John Smith) are more attractive than
global top down directories in that they are a better match to how the real
world works but do they scale up in a way that can meet global needs?

Turning to electronic commerce, a central issue is that of deciding where
identity really matters.  Since, in essence, the buyer wants the goods and
the seller wants the money, the critical issue for both is whether these two
elements of transactions can be underwritten in some way. While identity may
matter to the organisations that do this underwriting, it seems to be of
little direct relevance for the transactions themselves and this suggests
that these would be much better organised around PKC used to provide
transaction authorisation rather than the identities of the participants.

At the moment it seems that e-commerce companies don't have to worry much
about the identity of customers because their interest - getting paid - has
been underwritten by the banks.  But the growing volume of fraud in
'customer not present' transactions and the resulting 'claw backs' may
change this and, as Quentin has indicated, there is now evidence of mounting
pressure to move this risk onto consumers.

Looking at consumer interests in identity, my gut feeling is that consumers
do have an interest in the identity of the company with which they are doing
business.  In my e-commerce transactions I am much happier working with
companies I know and trust rather than ones I am dealing with for the first
time.  But what I really want to know is that the company I am dealing
with on my N+1'th visit is the same company that I dealt with on visits 1,
2, ..., N since confidence that this is a single relationship allows me to
develop trust in the company over time - if I have made 100 transactions
with them without any problems I am likely to be pretty confident in success
with transaction 101 (I admit that this confidence might not be justified).

This relationship does not rely on identity as we normally think of it but
simply identity in the sense that 'the entity I am dealing with now is the
same entity I have dealt with N times before' and this can be accommodated
by the exchange of verification keys for our respective signatures.  But at
least some of the keys involved here have to be long lived since they have
to be capable of spanning, directly or indirectly, all the individual
e-commerce transactions that the company and I undertake over an extended
period in order to have confidence that there is just one relationship on
which trust is built.

The problem with this is not the public keys, since the keys we have
exchanged do not need to be public - it is the secret keys, since we are
depending on their long term secrecy.  And here I am not convinced that we
have the technology to provide for this when these keys are being
manipulated by the sort of computer systems that we typically use at the
moment.

It will be some years before internet connected home PCs will be able to
sustain such levels of secrecy and this means that someone will have to
underwrite the resulting risks if e-commerce from home is to take off.
Consumers are already very reluctant about this and I can't see the banks or
merchants sticking with this without some significant security improvements.
It would be nice to believe that company e-commerce sites can meet such
requirements but recent examples from both banks and large companies give us
little basis for confidence here.

In my view the public is right to be worried about the safety of e-commerce
but what is the government doing to overcome such concerns?  Well, it talks
a lot about e-commerce but it actually seems to spend its time undermining
it with things like GAK in RIP.

In other words, implementing non-solutions to non-problems but making
extremely difficult, real problems even worse than they already are in the
process.

    Brian
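The continuity relationship Brian describes ("the entity I am dealing with now is the same entity I have dealt with N times before", carried by a long-lived verification key rather than a name) as an added example, not code from the original post or its author: a trust-on-first-use key store that pins a merchant's key on visit 1, checks a fresh signed challenge on every later visit, and reports a key change as a different entity. Ed25519, the map-backed store, and the "shop.example" label are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrKeyChanged = errors.New("presented key differs from the pinned key: not the same entity")

// KeyStore pins, per counterparty, the verification key seen on first contact
// and counts successful visits, so visit N+1 is tied to visits 1..N.
type KeyStore struct {
	pinned map[string]ed25519.PublicKey
	visits map[string]int
}

func NewKeyStore() *KeyStore {
	return &KeyStore{pinned: map[string]ed25519.PublicKey{}, visits: map[string]int{}}
}

// Verify pins the presented key on first contact (trust on first use); on later
// visits the presented key must equal the pinned one and sig must verify under it.
func (s *KeyStore) Verify(name string, presented ed25519.PublicKey, challenge, sig []byte) (int, error) {
	pinned, seen := s.pinned[name]
	if !seen {
		s.pinned[name], pinned = presented, presented
	} else if !pinned.Equal(presented) {
		return s.visits[name], ErrKeyChanged
	}
	if !ed25519.Verify(pinned, challenge, sig) {
		return s.visits[name], errors.New("signature does not verify under the pinned key")
	}
	s.visits[name]++
	return s.visits[name], nil
}

// Visit is one transaction: a fresh random challenge signed by the merchant's long-lived key.
func Visit(store *KeyStore, name string, pub ed25519.PublicKey, priv ed25519.PrivateKey) (int, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return 0, err
	}
	return store.Verify(name, pub, challenge, ed25519.Sign(priv, challenge))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed merchant key
	fmt.Println(Visit(NewKeyStore(), "shop.example", pub, priv))
}
```

Note that only the merchant's private key is long-lived here; as the post says, the weak point is keeping that secret on an ordinary PC, not the public key exchange.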