
RE: CyberPhone Trust Propagation Was: A $25,000,000,000 PKI



Anders, I think that the debate can and will go nowhere as do some
simply because the profile work is based on purity of the PKI model and
signed email messages over the internet.
There are three major components (comms and messaging protocols aside)
to the application of certificate systems for large scale use (I don't
bother with bespoke ones) - and that is a directory infrastructure, a
business and business entity information model that reflects the
business transactions (between the relevant directory entities) and an
overlaid PKI/CA model and functions that reflect the cost/trust/risk
aspects of delivering these services - and these processes/interactions
align to protected services one wants to deploy. In your case it's domain
agile telephone devices, but it could be toll tickets or tram fares.

I think as time goes on - reality will set in and different
architectures/models for PKI system will emerge ... nature and
commercial effort has a way of doing this.

Certainly my experience is showing that PKI on its own ain't much use. It
needs the operational bits too.

regards alan

> -----Original Message-----
> From:	Anders Rundgren 
> Sent:	Sunday, April 11, 1999 2:30 PM
> To:	Stephen Kent
> Cc:	ietf-pkix@imc.org; list@seis.nc-forum.com
> Subject:	Re: CyberPhone Trust Propagation  Was: A $25,000,000,000 PKI
> 
> Steve,
> 
> >It is not the server that grants the user the right to purchase, it is the
> >company.  The company can choose to do this in various ways, as described
> >in earlier messages.  Your approach introduces added vulnerabilities into
> >the system, relative to a model in which the purchasing agent directly
> >controls his/her private key.
> 
> 
> But "your" model adds the following security problems when purchasers
> that have their purchaser keys and certs in a smart card:
> 
> 1) Key (card) distribution.  Make sure the right person gets it
> 
> 2) A need for trust in external software when purchasing outside of
> the company premises.  If at all possible for SW reasons.  And logging,
> what about that?
> 
> 3) As it probably can take days to get a new purchaser card in case of
> loss you may have to "borrow" somebody else's.  Normal human behavior
> 
> 4) No control of use or abuse until it may be too late.  Non-repudiation
> is useless if your purchaser made your company go bankrupt
> 
> 
> 
> And then "your" model also adds the following PITAs
> 
> 1) Slow and expensive issuing of cards
> 
> 2) Hard to get a card if not physically close to the issuer
> 
> 
> As I see it, massive issuing and distribution of private keys introduce
> security problems that (unlike secure PK-servers and "Thin PKI") do not
> have any real solutions.
> 
> 
> But I will cease this debate as we are approaching "dead-lock" unless there
> are others who seem willing (and competent) to continue.
> 
> Regards
> Anders
> 
> http://www.mobilephones-tng.com
> 
>