Forms of identity, and back to Open vs Closed

[Brian Gladman]

From: "Parker Tom TA" <Tom.A.Parker@icl.com>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Thursday, May 17, 2001 6:15 PM
Subject: RE: Forms of identity, and back to Open vs Closed

Hi again Tom,

Thank you for the offer of a beer - I will make an effort to meet you in
disguise so that you have no option but to trust the identity certificate
that I will offer you!

> >Trying to get vaguely back on topic, for most purposes identity does not
> >need to be known, rather you want to authenticate some attribute of that
> >entity, (e.g. is a qualified medic). Identity in one form or another
> >allows these attributes to be collated or used for other purposes
> >(particularly by the state) way too easily.
>
> Nice to see an email on this thread that's still on topic ;-)
>
> Personally I think we should all avoid the term "identity", which is
> misleading. There's no such thing as identity (as Margaret Thatcher might
> have once said!). There are just attributes, such as birth-name, address,
NI
> number, DNA fingerprint etc. To say "identity attributes" is better,
though
> even then there are attributes whose relationship to identity are
> borderline, and anyway there's no such thing as identity ...

I certaninly think that this is a helpful suggestion since it is the
misleading view that certificates can in some sense prove a holder's
identity that lies at the heart of the misunerstandings about their value
and their uses.

However, in my way of thinking it does not solve the lack of value problem
since, until there is some tangible and immediate way in which the problems
of relying parties can be reflected back onto issuing parties, I do not see
how to create much real added value in open certificates.

Perhaps more seriously, though, some people in government who should know
better seem to have been taken in by all of this appear to genuinely believe
that such certificates really are identity certificates.  I see this is a
very dangerous development for us taxpayers since we will foot the bill for
the failures that will be the inevitable result of such misunderstandings.

> What I do believe is important is that there are attributes that can be
> assessed/verified by TSPs in an open PKI system that will appear in
> certificates that will be useful to both the subscribers and relying
> parties.

As I keep saying, when the issuing party agrees to carry all the risks of
relying parties, I will then become convinced of the value of open
certificates.

> There are plenty of non-PKI examples of agent
> attribute verification happening in real life, it's just that the results
> are not so public.

But that's the point - I don't dispute the value of closed certificates for
this very reason - they can be linked to existing approaches that are not
themselves open.

> So provided that the attributes concerned don't raise unacceptable privacy
> concerns, and many of them, for many people, would not, there is a useful
> purpose to be served.

A cardinal principle of good information security design is to minimise the
number of entities that need to be trusted in order to achieve an objective.
If a third party is to be introduced there must be clear 'value added' since
they WILL add risks to the process. At the moment the added risks of relying
on open certificates outweigh any added value that I can see in them.

    Brian