[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EuroPKI 2005 - Call for Participation

To: David Chadwick <d.w.chadwick@xxxxxxxxxxxxx>
Subject: Re: EuroPKI 2005 - Call for Participation
From: lynn.wheeler@xxxxxxxxxxxxx
Date: Wed, 18 May 2005 12:40:23 -0600
Cc: PKIX <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

at 8:14 am 5/18/05, d.w.chadwick@xxxxxxxxxxxxx wrote:
>
> CALL FOR PARTICIPATION
>
> The EuroPKI 2005 Conference will be held in Canterbury, England, 30 June
> - 1 July 2005.
>
> Registration is now open. See
>
> http://sec.cs.kent.ac.uk/europki2005/registration.shtml
>
> Early registration closes on 1 June, so book now to secure your place.
>
> The Keynote Speech will be given by Dr Carlise Adams, and is entitled
> "PKI: Views from the Dispassionate "I", in which he will present his
> thoughts on why PKI has been available as an authentication technology
> for many years now, but has only enjoyed large-scale success in fairly
> limited contexts to date. He will also present his thoughts on the
> possible future(s) of this technology, with emphasis on the major
> factors hindering adoption and some potential directions for future
> research in these areas.

from 3-factor authentication paradigm
http://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are

that verification of a digital signature with a public key is a form of
"something you have" authentication ... i.e. the subject has access and use
of the corresponding private key.

note, however, it has seemed that the majority of certification authorities
(mainstay of most formal PKIs) are embroiled in identification issues, not
authentication ... aka the certification binding of some information to a
public key (and the production of the resulting certificate).

i've frequently claimed that this paradigm was disigned to address the
offline email scenario from the early 80s ... where the recipient had
absolutely no recourse to information about an otherwise anomomous sender
that the recipient never had any previous communication with (aka the
letters of credit model from the sailing ship days).

the recipient, dialed their local electronic postoffice, exchanged email,
and then hungup. the recipient then found themself with an email from a
total stranger, there had never been any prior communication, and the
recipient lack any means for discoverying any information about the
stanger.

the early 90s saw x.509 identification certificates. however, there was
some tendency by certification authorities looking at significantly
overload such certificates with enormous amounts of personal information
(not really being able to predict the future about what relying parties
and/or what business processes might be targets for such certificates, and
therefor not reliably being able to predict what relying parties might
expect in the way of identification information).

in the mid-90s some of the institutions (like financial) industry) ...
looking at such identity certificates realized that they represented
enormous privacy and liability issues and you saw some retrenchment to
relying-party-only certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

these certificates frequently contained little more certified information
than some form of account number bound to a public key. however, it was
trivial to show that such reply-party-only certificates not only violated
the original certiicate design point (total stranger communicating for the
first time with a offline relying-party that had no other recourse to
information about the originator), but also were redundant and superfluous
(aka the relying-party having registered the public key and issued the
relying-party-only certificate ... would have a superset of every bit of
information contained in a certificate ... including the public key).

in the financial industry situation ... where the redundant and superfluous
certificates were being targeted at payment transactions ... aka a consumer
would create a payment transaction, digitally signed it and transmit the
transaction, the digital signature, and the reply-party-only certificate
back to the issuing institution. Not only did the relying-party
(destination of the payment transaction) alerady have access to a superset
of the information contained in a redundant and superfluous digital
certificate ... but it turns out that the nominal payment transaction size
is on the order of 60-80 bytes. The typical redundant and superfluous
relying-party-only certificate from the period could be on the order of
4k-12k bytes. So not only were the relying-party-only certificates
redundant and superfluous, but in such situations they also represented a
factor of 100 times payload bloat.

It is actually possible to deploy authentication infrastructures that use
digital signature verification
http://www.garlic.com/~lynn/subpubkey.html#certless

that avoid getting embroiled in the identification issues that seem to
accompany many PKI deployments.

--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm

Prev by Date: EuroPKI 2005 - Call for Participation
Next by Date: Request for new work item - Defining an SRV RR otherName
Previous by thread: EuroPKI 2005 - Call for Participation
Next by thread: Re: EuroPKI 2005 - Call for Participation
Index(es):
- Date
- Thread