[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trivial PKI Question

To: "Anders Rundgren" <anders.rundgren@xxxxxxxxx>
Subject: Re: Trivial PKI Question
From: chris.gilbert@xxxxxxxxxxxxx
Date: Tue, 4 Mar 2003 09:44:32 +0000
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx






> A "TRIVIAL" PKI QUESTION
> -----------------------------------

> Assume that you have a business message like a purchase order

   <Order>
       <From name="Big Buyer Corp.">
          <OurRef name="John Doe"/>
       </From>
       <To name="MegaCar International"/>
       <Item>10 Medium-sized SUVs</Item>
       <Comment>Make it quick please!</Comment>
   </Order>

> Now assume that "Big Buyer Corp." is an advanced organization
> using digital signatures.

> ==============================================
> Question:  How should the identity as expressed in the document
> relate to the identity as expressed by the signer's certificate?
> ==============================================

There may be no relationship at all. Their identity as a private
individual may be irrelevant, subjugated by their role as the person
in Big Buyer Corp who authorises such payments digitally. Also,
the creator of the order may not be the person who is authorised
to digitally sign it.

> Among the complications we find

  > 1.  The PKI-identity is presumably "strong" as it is vouched for by a
  > CA, while the identity in the business document is only "claimed"
  > by the entity itself.  ==> The PKI identity is governing?

In being authorised to digitally sign the order prior to dispatch it
behoves the signer (the risk carrier) to validate the order and the
identity of the creator of the order prior to sign and send

> 2.  The hierarchical naming system used by PKI (X.500) is completely
> different to the various naming schemes used in businesses.

That only affects the publication of the certificate into a browsable
location. It can still be revoked and will be present in whatever CRLs
the CA issues. The trust therefore remains.

> 3.  Some PKI-folks claim that signatures should be tied to individuals.
> Does this mean that the signer's certificate in the sample should
> identify John Doe of Big Buyer Corp.?

Only if John Doe is both creator of the order and authoriser of the
purchase. John is also more likely to be using the certificate issued
to him by Big Buyer Corp or its CA rather than his government (or
whatever) issued personal identity. The two are likely to contain
different certificatePolicies.

> My own conclusion is that PKI was created to support e-mail where
> these questions do not arise.

As a basic mechanism whereby you can identify an individual I believe
certification and PKI work very well. Mistakes are made in trying to
build application specific knowledge into the PKI.

> The drawback is that this will be found out by a *human*, and usually
> only *after* a malpractice has been performed.

All security can be undone by bad practice and PKI wont prevent this.
But then PKI is not a security mechanism, it is an identity mechanism
that can be used to support a security mechanism, automating some parts
of it and making others easier to implement


> A LONG-TERM REMEDY
> -------------------------------

> To create a foundation for more frictionless PKI-secured e-business,
> I think that there *long-term* should be a one-to-one mapping between
> [basic] business message identities and certificate identities.

A kind of time-stamped intersection entity that comes between person
and process ? A signed transaction ? Isn't this what Notaries were
supposed to be for ?

> As the business community is never going to adopt X.500 naming, as
> well as having their own naming problems, this will likely require
> changes on both sides.  A possible scheme using the currently only
> globally functioning naming system (DNS/URIs), is that entities are
> uniquely defined by two elements:

> - A naming domain (name space) based on a URI like: "http://www.visa.com/cc";

Microsoft use DC components to do this. I would prefer to see
one of AIA or CDP made a standard certificate component. I agree
with your implication that the cert MUST have something in it
that allows the relying party to trace the physical address of
the issuer. At present is does not.

> - A local identifier in that domain like: 4555-5555-2244-8888

Microsoft presume a unique MS domain email address. Not a bad
idea but hardly reliable beyond the edge of the MS network. But
then it is also unrealistic IMO to expect us to wander through
the eUniverse with a single identity when in the course of everyday
life we perform more than one role

I don't think that there is any problem with someone using a
multiple certs or even certs with unpublishable DNs. The fact
remains that the CA should have issued such certs under Policies.
The Policy describes what weight the relying party should give
to the signature when they encounter it. The technology itself is
not the be-all and end-all solution to true eBusiness. It is
merely a part and should always be there to support real-world
processes with a legal foundation.

Chris

Follow-Ups:
- Re: Trivial PKI Question
  - From: Anders Rundgren

Prev by Date: Re: RFC3161(TSP): doubts about tcp protocol
Next by Date: Re: RFC3161(TSP): doubts about tcp protocol
Previous by thread: Re: Trivial PKI Question
Next by thread: Re: Trivial PKI Question
Index(es):
- Date
- Thread