Re: Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to beRE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
----- Original Message -----
From: Anders Rundgren <anders.rundgren@jaybis.com>
To: PKIX-List <ietf-pkix@imc.org>; Ed Gerck <egerck@nma.com>
Sent: Friday, July 16, 1999 3:12 PM
Subject: Re: Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to beRE: I-D ACTION :draft-ietf-pkix-scvp-00.txt))
> Ed,
> >> Note: I deliberately excluded national ID-CAs who HAVE to verify absolute identity (which is
> >> harder and harder to do with all paper-less refugees in Europe).
> >
> >The "harder and harder to do" is what makes a certificate not bind to a user -- and even
> >if you have all proper papers in notarized copies you still do not know. And, BTW, just
> >read any CA warranty and you will see they also do not know and they say so -- "NO
> >WARRANTY, NO SUITABILITY OF PURPOSE".]
This is merely an effect of the uptake of global cert use. In 5 years or
better yet in 10 years you will laugh that you even said this. Certs and
CAs will be everywhere.
>
> Well, I don't (unlike most other PKI-folks) believe that it is absolutely necessary
> for the success of PKIs, that CAs should be able to warrant and insure for all kinds of problems.
This is definitely true. But for the use models and the types of
transaction processes they do support, if the proper transaction criteria and
auditing services are available then this is no problem. One of these
things is a well defined and integrated audit or timestamping system, I would
think.
>
> To me certificates should be compared to mechanical locks. A lock manufacturer usually
> only guarantees that a lock is manufactured to conform to a certain industry-standard (CPS).
> Not that the lock is guaranteed to protect values up to $1000000. There are exceptions but
> then we are not talking mainstream.
>
> Regarding the binding I believe that certificates and CAs make sense if the CA
> can guarantee (with high but not unlimited probability) that an individual cannot
> "borrow" another's identity. This is certainly feasible, partly by using biometrics.
> And is not terribly expensive either.
> To nail down an individual's true TRUE identity is NOT a requirement for employers, banks
> etc. as long as you perform according to their rules. If an RP needs stronger proofs of
> identity this may have to be carried out without the CA.
But Biometrics only addresses the Retail POS style model, because once the
Biometric data is captured, it takes on the same vulnerability as the rest
of the data used as the auth enablement.
This is a really important problem since most players are swinging for a
longer ball than just retail POS transactions that have a "direct conscious
human participant". The idea is that the system should work when there are no
humans anywhere in the mix and that is why the liability or reliance
limitations are so important.
>
> National CAs are exceptions that probably never will be mainstream (except MAYBE in countries
> like Sweden with a long ID-card tradition)
I disagree here too. I think it is likely that CAs at the national level
will be erected by all countries that offer automated or net based services
and access models, but it is likely that the CA itself will be buried inside
a larger process so as such it may not be "visible as a CA" per se.
>
Todd