ietf-smime

Weakening rigid hierarchical certification

1997-12-29 11:02:22
Forwarded for its possible usefulness:

Ed Stone wrote:

Source: http://mcg.org.br/cert.htm

E. Gerck,
Copyright © 1997 by E. Gerck and MCG, published on April 17, 1997 by the MCG
All rights reserved, free copying and citation allowed with source and author
reference.

Stone is now changing the subject of the comp.security.pgp.discuss discussion
from RH (rigid-hierarchical) implementations of X.509-like trust models with
certification that CAs meet accepted hardware, software, and identity
verification standards at specified levels, such as that used by hundreds of
CAs including Verisign, Thawte, the US and Canadian Post Offices, and embedded
in over 30 million copies of Netscape Communicator and Microsoft Internet
Explorer, and instead trying to raise concerns about admitted flaws in pure 
X.509.

The flaws in X.509 are largely there just because some wished the capability
for self-certifying CAs and other, more web-of-trust-like features to be
included in X.509. Some are now trying to structure IETF S/MIME along the same 
lines.

Likely if the weakening away from rigid hierarchical certification in IETF
S/MIME persists, the commercial vendors responsible for the massive installed
base and trust model already in place (in Navigator and Explorer) will resist
such features as extra-hierarchical CAs with users being left to unspecified
exogenous methods to verify such CAs' bona fides (as is apparently specified
in the current s/mime "draft-ietf"). For arms-length internet transactions
(using that word in its broadest sense) between strangers, system-insured
structural assurances as to any CA's bona fides (backed up with agreed and
audited practices) are essential. I thought that was a major purpose of a
structure with the IPRA at the top.

As IBM proved many years ago in the mainframe world, "it is better to have the
market than the product". A poor IETF implementation simply won't succeed in
the marketplace, and the "marketing advantage" of someone else yelling "But
Netscape isn't fully IETF compliant" will carry about as much weight as Sun
yelling, "But Internet Explorer isn't fully Java compliant". Though my
sympathies are with Sun, I don't see such cries much affecting Microsoft's
market share. If the IETF is to act in the best interests of the user base,
they must consider this.

This is not an objection to web-of-trust. In a separate standard such as Open
PGP, it has a very useful place. But it should be just that--embedded in a
separate standard. Let the market decide, not some partisans of one
commercial interest or another, and please do not corrupt a good trust model
(for its purposes) to try to make it universal.

Something that attempts to be all things to all men will inevitably end up
being nothing to no one.

David
