Last modified: 07/30/02 07:52:45 AM
|
|
1st Annual PKI Research Workshop: "Dueling Theologies" |
www.cs.dartmouth.edu/~pki02/theologies.shtml Last modified: 07/30/02 07:52:45 AM |
Summary by Ben Chinowsky, Internet2
In this session, Rich Guida gave his view of what's holding back the traditional X.509 model that he favors, and Carl Ellison summarized his criticisms of this model.
Guida listed several factors holding back wider deployment of PKI, including: too many legacy applications and too few PKI-enabled applications; a widespread desire on the part of decision-makers to be on the leading rather than the bleeding edge; lack of common semantics; organizational politics, including the "not invented here" syndrome; and (least importantly) technical issues. Guida also pointed out that, as with network technologies more generally, it is very hard to calculate ROI for PKI, and suggested that those pushing PKI deployment not get "wrapped around the ROI axle." Guida sees PKI becoming widespread first within enterprises, then between them, and lastly with consumers. Guida also outlined the PKI he's currently working on for Johnson & Johnson.
Ellison sees fundamental problems with conventional PKI. In his view, there are four pieces of PKI "conventional wisdom" which need to be rejected.
Objection: Each person has multiple identities (as a driver, as a bank account holder, as an employee...); therefore each person would need many identity certs.
Objection: It's too expensive to have more than a few such CAs, making it necessary for users to travel to the CA in order to get a cert. Using RAs can improve this situation; Ellison advocates going this solution one better by putting the CA on the RA's desk.
Objection: "Human beings do not use names the way we computer scientists would like them to." Ellison noted that when he tells stories of the confusion created by the multiple John Wilsons at Intel, people tend to respond along the lines of "that's nothing, listen to this." When using names, people have a strongly ingrained tendency to go with the first apparent match they see, leading to (in the stories Ellison related) misdirected email messages, airline boarding pass mixups, and (almost) unwanted botox injections.
Objection: The costs of strong private-key security and the need for tamper-proof cameras to witness digital signing make nonrepudiation impractical. The usefulness of providing nonrepudiation is in any case limited to situations in which a victim can be made whole, thus excluding cases where, for example, secrecy or human life is at stake.
Ellison's solution is to dispense with identity certs and CAs, replacing them with authorization certs issued by whoever has the authority to grant the authorization under existing business practices.
Much of the Q&A was devoted to rebuttals to Ellison's objections to traditional PKI. Several people pointed out that traditional PKI need not lean so heavily on names as Ellison assumes it does: naming is often backed up by established business relationships and larger sets of information about the named entities. While Ellison agreed that the use of these backups can help, his response centered on stressing just how little rigor can be expected from users. He also cited an episode in which he used SSL to make an apparently secure transaction with a vendor, then checked the cert and found that it had been issued to another entity entirely. While presumably the vendor had contracted with this entity for web services, nowhere in the process was there any proof of this.
There was also a short discussion of nonrepudiation; Ellison argued that online credit card transactions are safe for the purchaser, and therefore widespread, precisely because they can be repudiated, and not because SSL protects the transaction from eavesdropping.
|
Back to Home Page | Maintained by Sean Smith, sws@cs.dartmouth.edu |