1st Annual PKI Research Workshop: "Dueling Theologies" www.cs.dartmouth.edu/~pki02/theologies.shtml
Last modified: 07/30/02 07:52:45 AM

Summary by Ben Chinowsky, Internet2

In this session, Rich Guida gave his view of what's holding back the traditional X.509 model that he favors, and Carl Ellison summarized his criticisms of this model.

Guida listed several factors holding back wider deployment of PKI, including: too many legacy applications and too few PKI-enabled applications; a widespread desire on the part of decision-makers to be on the leading rather than the bleeding edge; lack of common semantics; organizational politics, including the "not invented here" syndrome; and (least importantly) technical issues. Guida also pointed out that, as with network technologies more generally, it is very hard to calculate ROI for PKI, and suggested that those pushing PKI deployment not get "wrapped around the ROI axle." Guida sees PKI becoming widespread first within enterprises, then between them, and lastly with consumers. Guida also outlined the PKI he's currently working on for Johnson & Johnson.

Ellison sees fundamental problems with conventional PKI. In his view, there are four pieces of PKI "conventional wisdom" which need to be rejected.

Ellison's solution is to dispense with identity certs and CAs, replacing them with authorization certs issued by whoever has the authority to grant the authorization under existing business practices.

Much of the Q&A was devoted to rebuttals to Ellison's objections to traditional PKI. Several people pointed out that traditional PKI need not lean so heavily on names as Ellison assumes it does: naming is often backed up by established business relationships and larger sets of information about the named entities. While Ellison agreed that the use of these backups can help, his response centered on stressing just how little rigor can be expected from users. He also cited an episode in which he used SSL to make an apparently secure transaction with a vendor, then checked the cert and found that it had been issued to another entity entirely. While presumably the vendor had contracted with this entity for web services, nowhere in the process was there any proof of this.

There was also a short discussion of nonrepudiation; Ellison argued that online credit card transactions are safe for the purchaser, and therefore widespread, precisely because they can be repudiated, and not because SSL protects the transaction from eavesdropping.


Back to Home Page Maintained by Sean Smith, sws@cs.dartmouth.edu