Identity-based public key cryptography
M Taylor
mctylr at privacy.nb.ca
Wed, 19 Dec 2001 12:18:54 +0000
[This is my second attempt, odd interaction with chiark's anti-spam measures,
due to expiring virtual domains. -MCT]
On Mon, Dec 17, 2001 at 12:35:39AM -0000, John Williams wrote:
> The powers that be continue to agonise over the use of cryptographic
> services for the NHS. Setting up the necessary PKI seems to be particularly
> challenging.
>
> Then all of a sudden we are being told about ID-PKC where no complicated PKI
> is needed. Public keys can be computed and we get our private keys from a
> CA. The CA can be split into pieces so that only someone with all of the
> pieces gets to have the working private key. How secure is this system and
> is it in use anywhere? It seems too good to be true and I feel uneasy about
> where I am being told to go to view it from:
>
> http://www.cesg.gov.uk/technology/id-pkc/index.htm
>
>
> Does this have any place?
Yes, it should be burnt at the stake, for attempting to undermine
the MHG.
When you combine ID-PKC with the EU Electronic Signature Directive, you
end up with a system that allows collaborating administrators (or
administrator if both machines are controlled by the same person as
it would be in any NHS Trust) to forge a non-repudiable advanced
digital signature. As well, under the RIP Act, a corrupt law enforcement
or intelligence agency could force the administrator(s) to reveal
the private key information, which could be abused to generate
non-repudiable yet forged signatures.
IDPKC is interesting from an academic point of view, but I do not
believe it can be sold to the public or government in good faith
as a safe and secure system.
IDPKC is being hawked to the government agencies with to commitments
to produce PKI under e-Envoy mandates. These agencies are or have
experienced the let down of the PKI industry hard sell, and found
or heard that the real expenses are not the software licenses
or per user fees, but in hardware costs if hardware token or
smartcards are used, software compatibility and integration and
deployment throughout their IT infrastructure, and once deployed
the ongoing helpdesk costs which over the long term dwarf those
long forgotten license and per user fees. PKIs are also a tough
sell to users and accountants since they don't have easily
tangible benefits, i.e. new capabilities, more efficiency and are
thus seen as merely a cost centre.
IDPKC also suffers from the classic failure of a system being misused
for purposes it wasn't intended. Thinking about what happens in
a corporate environment when someone goes on holiday, their email
is diverted to something else in the office, if as the CESG's own
demonstration is based, the ID-PKC is based upon email addresses,
then this person can obtain the private key information of the
person who is on holiday. The other classic failure is that
senior officials may have their assistants reading their email,
much like they do with paper mail, but this system would give
the user of the email address signing authority equal in strength
under the EU Electronic Signature Directive as a paper-based one.
Email addresses are not assigned strictly on identity, they are
an odd split of roles, identity and ad hoc requirements. To use the
as-is email address systems (whether X.400 or SMTP) would open up
the possibility for abuse.
The system suffers from failures in the real world, the CESG
is being irresponsible towards the people it is supposed to be helping
by not allowing open access to experts to examine *and criticize*
the technology, the NDA agreement waives this ability, making it a
waste of time for me to examine the details since if I find a
weakness I cannot fulfill my ethical responsibility to notify the public
using or considering to use the system of the discovered weakness.
--
M Taylor