PKI creed (was Re: Trustworthy contacts)
Nicholas Bohm
ukcrypto at maillist.ox.ac.uk
Fri, 15 Sep 2000 17:41:28 +0100
At 11:40 AM 9/15/2000 +0100, Brian Gladman wrote:
>From: "Dave Bird" <dave@xemu.demon.co.uk>
>To: <ukcrypto@maillist.ox.ac.uk>
>Sent: Thursday, September 14, 2000 9:31 PM
>Subject: Re: PKI creed (was Re: Trustworthy contacts)
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> In article <3.0.5.32.20000914063541.0082ec40@spiritone.com>, Carl
>> Ellison <cme@acm.org> writes
>> >This is a mistake Diffie and Hellman made in their original paper -- that
>> >has been propagated down through the decades. They said to build a
>> >directory of names to keys, then you can look me up in the directory, get
>> >my key and send me a message. Fine theory. How do you find me in the
>> >directory? You can't use a name. There are too many Carl Ellison
>> >entries.
>>
>> Well, I have argued a model in which we deal with identity much as we
>> do in the everyday world but then add public keys on top. For example,
>> to find out who the hell you were in practical terms, I would ask a
>> couple of people I know at ACM. I would expect your key to be signed
>> by the ACM organisational key and, if I didn't have that, I'd ask
>> my friends to send me a signed copy of the ACM key or key fingerprint.
>
>I agree - we must evolve from where we are. In the real world we have lots
>of well developed human ways of making sure that those with whom we are
>exchanging information are who we think they are. And provided we can
>manage our respective local namespaces in a way that provides for such human
>intervention and control we are probably not going to make too many
>mistakes.
>
>But it is not obvious (to me at least) how we can engineer our systems in
>such a way that this can happen locally and yet we can still achieve a
>significant level of global interoperability. SDSI and other approaches in
>which wider relationships are established between entities in local name
>spaces (i.e. my John Smith = your John Smith) are more attractive than
>global top down directories in that they are a better match to how the real
>world works but do they scale up in a way that can meet global needs?
>
>Turning to electronic commerce, a central issue is that of deciding where
>identity really matters. Since, in essence, the buyer wants the goods and
>the seller wants the money, the critical issue for both is whether these two
>elements of transactions can be underwritten in some way. While identity may
>matter to the organisations that do this underwriting, it seems to be of
>little direct relevance for the transactions themselves and this suggests
>that these would be much better organised around PKC used to provide
>transaction authorisation rather than the identities of the participants.
>
>At the moment it seems that e-commerce companies don't have to worry much
>about the identity of customers because their interest - getting paid - has
>been underwritten by the banks. But the growing volume of fraud in
>'customer not present' transactions and the resulting 'claw backs' may
>change this and, as Quentin has indicated, there is now evidence of mounting
>pressure to move this risk onto consumers.
>
>Looking at consumer interests in identity, my gut feeling is that consumers
>do have an interest in the identity of the company with which they are doing
>business. In my e-commerce transactions I am much happier working with
>companies I know and trust rather than ones I am dealing with for the first
>time. But what I really want is to know that the company I am dealing
>with on my N+1'th visit is the same company that I dealt with on visits 1,
>2, ..., N since confidence that this is a single relationship allows me to
>develop trust in the company over time - if I have made 100 transactions
>with them without any problems I am likely to be pretty confident in success
>with transaction 101 (I admit that this confidence might not be justified).
>
>This relationship does not rely on identity as we normally think of it but
>simply identity in the sense that 'the entity I am dealing with now is the
>same entity I have dealt with N times before' and this can be accommodated
>by the exchange of verification keys for our respective signatures. But at
>least some of the keys involved here have to be long lived since they have
>to be capable of spanning, directly or indirectly, all the individual
>e-commerce transactions that the company and I undertake over an extended
>period in order to have confidence that there is just one relationship on
>which trust is built.
I agree with this analysis, though I think that what Brian describes really
is identity in its true and correct sense. The question I want to answer
is whether I am now dealing with the same person as I intend to be dealing
with. Who do I intend to deal with? That can vary quite a lot, obviously.
It may be the person I met and enjoyed talking to at a party; it may be
the shop where I got good service last week; it may be the same person as I
dealt with through a website of the same name on previous occasions. Names
may be a help in this process, but they are only a part of the relevant
context which I need to establish an identity between the person I want and
the person I am getting. Certificates may be a help in this process in
some cases, although I find their general utility grossly oversold.
>The problem with this is not the public keys, since the keys we have
>exchanged do not need to be public - it is the secret keys, since we are
>depending on their long term secrecy. And here I am not convinced that we
>have the technology to provide for this when these keys are being
>manipulated by the sort of computer systems that we typically use at the
>moment.
>
>It will be some years before internet connected home PCs will be able to
>sustain such levels of secrecy and this means that someone will have to
>underwrite the resulting risks if e-commerce from home is to take off.
>Consumers are already very reluctant about this and I can't see the banks or
>merchants sticking with this without some significant security improvements.
>It would be nice to believe that company e-commerce sites can meet such
>requirements but recent examples from both banks and large companies give us
>little basis for confidence here.
>
>In my view the public is right to be worried about the safety of e-commerce
>but what is the government doing to overcome such concerns? Well, it talks
>a lot about e-commerce but it actually seems to spend its time undermining
>it with things like GAK in RIP.
>
>In other words, implementing non-solutions to non-problems but making
>extremely difficult, real problems even worse than they already are in the
>process.
I very much agree. What we seem to need are strongly reliable means of
keeping secret keys both secret and usable. This need will only be met if
the costs and risks of not meeting it are kept firmly placed on those in a
position to ensure that it is met. Broadly speaking this seems to mean the
banks and insurance companies (as the commercial risk carriers) and the
Government (as the body that doesn't want to be seen to be at fault).
It would be nice to think that an E Envoy would put this at the top of the
priorities. But I think the Government just wants a salesman for itself,
so my hopes are not high.
Regards,
Nicholas Bohm
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
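
The continuity check discussed in this thread ("the entity I am dealing with now is the same entity I have dealt with N times before", established by exchanging verification keys) can be sketched as follows. This is an added example, not part of the original message: the type and function names, the "bookshop" nickname and the sample orders are hypothetical, and Ed25519 is chosen here only because it is in the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Relationship is the key first seen for a counterparty plus a success count (hypothetical type).
type Relationship struct {
	Key   ed25519.PublicKey
	Count int
}

var ErrKeyChanged = errors.New("verification key differs from the one pinned earlier")
var ErrBadSignature = errors.New("signature does not verify under the pinned key")

// Check pins the key on the first verified transaction and afterwards requires the
// same key. The label is a local nickname chosen by the customer, not a global name.
func Check(book map[string]*Relationship, label string, key ed25519.PublicKey, msg, sig []byte) (int, error) {
	rel, known := book[label]
	if !known {
		rel = &Relationship{Key: key}
	} else if !bytes.Equal(rel.Key, key) {
		return rel.Count, ErrKeyChanged // same nickname, different key: not the same entity
	}
	if !ed25519.Verify(rel.Key, msg, sig) {
		return rel.Count, ErrBadSignature
	}
	book[label] = rel // only a verified transaction creates or extends the relationship
	rel.Count++
	return rel.Count, nil
}

// Demo runs three constructed orders: two signed by the shop, one by another key.
func Demo() (n int, errFirst, errRepeat, errOther error) {
	shopPub, shopPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	book := map[string]*Relationship{}
	m1, m2, m3 := []byte("order 1"), []byte("order 2"), []byte("order 3")
	_, errFirst = Check(book, "bookshop", shopPub, m1, ed25519.Sign(shopPriv, m1))
	_, errRepeat = Check(book, "bookshop", shopPub, m2, ed25519.Sign(shopPriv, m2))
	n, errOther = Check(book, "bookshop", otherPub, m3, ed25519.Sign(otherPriv, m3))
	return
}

func main() {
	fmt.Println(Demo())
}
```

The check says nothing about who holds the signing key: anyone who obtains the shop's secret key passes it, which is the long-term secrecy problem raised in the message.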