Open versus closed PKI systems

Nicholas Bohm nbohm at ernest.net
Thu, 17 May 2001 16:34:21 +0100 

At 10:20 17/05/2001 +0100, Charles Lindsey wrote:

>I don't think certificates for the masses have much application in
>normal e-commerce, as you say (fine for detecting impersonation on the
>internet, of course, buit even there the best evidence of ownership of
>a public key is observed and continued use of that key over a number of
>years).
>
>Where certificates issued by public CAs really come into their own is
>for companies who transact business with large numbers of the general
>public.
>
>Is this company I am proposing to deal with _really_ Argos?
>
>Is this software I am about to install _really_ from Microsoft ....
>
>Oops!
>
>But is there really any better solution for that particular problem?
>Though I would much prefer if https sites would offer you a choice of
>certificates to look at.

I agree that certificates are useful in this case.  The reason is that the
customer already knows who it is he wants to deal with, and the certificate
provides useful evidence.

If this is the only (or even main) useful function of certificates deployed
en masse, will the market support it, or will the PKI infrastructure costs
be too high for the benefit conferred?  Time alone may tell, presumably.  I
suspect that very few customers check the certificate, or realise that
their browser will alert them to a non-conformity, and it is therefore hard
to see what real benefit is being conferred.  If businesses find it makes
no difference whether they offer certificates or not, presumably they will
cease to bother.

Another approach to verification in this context would of course be for
companies to publish their verification key fingerprints (in stores, on
till slips, in advertising, etc) and sign their products for the benefit of
those who want to download a key and check.  (This assumes prior customer
knowledge of the supplier, but then without that, certificates do nothing
useful anyway.)

This approach doesn't allow for immediate CRL checking, of course.  But how
many server certificates cause automatic CRL checking at present?  Could
the CAs handle it?  And wasn't it Verisign's failure to check its own CRL
that lead it to its little bloomer with Microsoft code-signing certificates?

Regards

Nicholas

Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK

Phone	01279 871272	(+44 1279 871272)
Fax	01279 870215	(+44 1279 870215)
Mobile	07715 419728 (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF