[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Common misconceptions, was Re: KISS for PKIX, was ...

To: ietf-pkix@xxxxxxx
Subject: Re: Common misconceptions, was Re: KISS for PKIX, was ...
From: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Date: Fri, 16 Jul 1999 14:35:45 -0400 (EDT)
Reply-to: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>

> From: Ed Gerck <egerck@nma.com>
>
> The "harder and harder to do" is what makes a certificate not bind to a user 
-- and even
> if you have all proper papers in notarized copies you still do not know.  And, 
BTW, just
> read any CA warranty and you will see they also do not know and they say so -- 
"NO
> WARRANTY, NO SUITABILITY OF PURPOSE".


Novell recently briefed the Federal PKI Technical Working Group
(http://csrc.nist.gov/pki/twg/welcome.html) on the results of their
requirements discussions with business users.  One notable conclusion
is that PKIs will have "made it" when they become insurable (i.e. when
it becomes possible to quantify risk reliably enough to make meaningful
warranties).  Since business relying parties require a guarantor to have
deep enough pockets to make any judgements for breach of warranty
collectable, it follows that the only warranties that will be made by
any organization with substantial assets are against quantifiable,
controllable, insurable risks.  A proposed approach to allocating
liability included a root CA operated by an organization with huge
assets (such as a commercial bank) but with only two warranted
responsibilities: 1) ensuring name uniqueness across the certs issued
by that CA, and 2) protecting the CA's private key.  (A third,
unstated, requirement would be to use sufficiently conservative
cryptography for signatures on the issued certs).


> Surely, you can rely on a certificate but only to the extent that it is 
warranted by the issuer.
> But, you will not find a CA that does that without caveats that any fraudster 
case will fall
> into and thus invalidate the assurances.  And, the CAs are right -- it cannot 
be warranted
> that  a certificate binds to a user. This alone already shows in the practice 
what I tried to
> explain.

You (as a relying party) can rely on a certificate to any extent you
wish.  A CA may warrant that it follows certain practices; it may also
warrant results, as with the hypothetical root CA above, if the amount
of loss and the risk of loss can be quantified.  You, the relying party,
assume all risk not assumed by the CA.  You are the sole judge of whether
the PKI provides a benefit - whether profit from transactions enabled
by the PKI minus expected losses from risks not assumed by the PKI is
positive.

A CA cannot warrant that a certificate binds to a user any more than a
fire insurer can warrant that you won't have a fire.  No casualty
insurer will protect you from, or compensate you for, losses resulting
from thermonuclear war.  But insurance exists because it provides a
service that people and businesses are willing (or mandated) to pay
for.  PKIs are useful if their benefits exceed their costs, regardless
of whether it is possible for a CA to provide an unlimited guarantee
that a transaction signed with a particular public key was initiated by
a particular natural person.

Prev by Date: Digital Signature Laus (was Re: KISS for PKIX)
Next by Date: Re: Digital Signature Laus (was Re: KISS for PKIX)
Previous by thread: Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Next by thread: Re: Common misconceptions, was Re: KISS for PKIX, was ...
Index(es):
- Date
- Thread