Re: Re (subtopic): certificate issuance and trust
2003-08-15 20:09:25Steve, Steve Hole wrote on 08/15/2003, 12:48:
I broke the reply into to parts because they really are quite separate issues. This topic deals primarily with the issuance of certificates and trust management in deployed S/MIME clients. I debated taking it offline, but I think that it is useful discussion from a usage point of view. It has little technical merit on a primarily technical forum, but it has overall import for S/MIME -- I hope :-)
I would also have taken most of the discussion offline already due to the direction it is going if there hadn't been many people expressing their interest in the topics.
I see that we need to talk a bit about the usage models that are evolving on the Internet. There are at least two with variations: 1. Interpersonal secure mail. This is Mom exchanging secure email with Aunt Jane on the other side of the country. 2. Organizational communications. This is the business to consumer or organization to partipant communications (ie. my bank wanting to send me statements and me wanting to complain to my bank). <apology> Because I am so focused on usage model 2 these days I tend to forget about usage model 1. My apologies. Conversely, I suspect that very little thought has gone into usage model 2 as it is an entirely new thing for business to be doing on the Internet. </apology>
No need to apologize. Likewise I focused mostly on the first usage due to the fact that I work for an ISP. However I believe the two uses very often intersect. Consumers want to make secure electronic communications with businesses (I know I do), which they can't do by e-mail today. S/MIME certification allows both.
So what? Your assertions and the priority you assign them are spot on for usage model 1. I would still add both cost and complexity of certification to this model. For Mom to sign up to get a cert is actually pretty daunting from a user interface point of view. We and our customers have done lots of user tests and it is a problem.
The complexity was my third one on the list - how S/MIME is difficult to use . That included the enrollment process. I completely agree it is very daunting. Actually I have gotten my mother running on S/MIME so I know what you are talking about when you mention complexity of enrollment. I got her running with Thawte and it was quite long to enroll. But there is no reason that it has to be that way - it entirely depends on the CA.
My assertion that cost is a big deal is very applicable to usage model 2. In this case organizations want to certify their consumers for secure document receipt and (possibly) reply. Outbound is fairly easy -- just issue an encryption only cert to the user on enrollment. No trust issues and it is reasonably easy to get to the user's desktop. The problem comes when you want bidirectional communication and are therefore issuing signing certs. The cost of doing this for millions of customers is so high using the existing certification model (because of root trust requirements) that to use S/MIME becomes impractical or forces alternative solutions.
I'm not sure I understand why the trust is less of a problem for encryption certs than signing certs. If you want to receive encrypted communications, you need to create an encryption key and cert. And you need to make the other party aware of it. Typically in S/MIME today this transfer of the public encryption cert is done by ... signing an e-mail. Which requires you to have a signing cert... Otherwise the user could also publish the encryption cert to LDAP. Still there would need to be some authentication at that time.
There are a series of companies that provide "e-mail encryption" using proprietary formats and Javascript symetric decryptors that completely bypass S/MIME altogether. And people buy it! BIG organizations buy it. It's depressing. And when talking about S/MIME it has to be concern to this group and people who implement S/MIME clients.
What are the advantages of these pseudo-security products ?
Correct. This means that interpersonal secure email usage is impractical because there is no way to obtain necessary security information for an arbitrary recipient. This is the original stated problem and we all agree that it is a major, if not the major barrier. I think that we have some good concensus building on that and maybe there are some actions that we can now take to try to resolve the issue.
While we don't have any consensus yet on the technical direction, I would certainly be willing to participate in writing a draft that would make recommendations on additional ways to distribute S/MIME certificates. Of course the actual deployment of a global directory is a problem, but perhaps by having this draft written by people involved in companies potentially interested in using/running it we will end up writing a deployable proposal.
3) S/MIME is too complex to useS/MIME isn't so complicated (at least our user testing doesn't indicate that). We get very few usage calls back to customer support. Certification is certainly complicated. Even the easiest of the commercial (Verisign) CA's are quite daunting to the average user. This is an implementation issue that needs some work. This accounts for better than 95% of our TOTAL service calls. Ouch!
Yes, that's what I meant. Enrollment is part of the usage of S/MIME. I had to sit with my mother last year to get her to sign up, and I talked to her at length at international rates for the recent renewal.
The only way to solve it (I think) is to have organizations initiate certificate issuance. That is, ISP's need to offer to do this as part of their enrollment.
Agreed.
So it is a question of how do we initiate certification? More importantly how do we get ISP's (or a proxy third party) to engage users in the certification process.
I wish I had the answer to that one.
The first two issues are related. As more people become aware of certification and certified, the value of being certified willincrease.I believe the cost of the certification will be much less of an issue once people realize they are paying for a something useful.No it won't :-) Will your Mom pay to be certified? I know for a fact mine won't because I tried to get her to get a Verisign cert and when she found out it was $20, that terminated that conversation quickly :-)
Yes, I know the feeling, I got the same reaction from my family members, which is why I got many of them to enroll with the freemail Thawte CA instead. However the service doesn't have to be directly paid for, or all at once. It can be bundled by the ISP with her account. Even if it wasn't bundled with every account, the one-time $20 might be only a $1.66 option/month extra, which is the same price, but suddenly doesn't look so bad. Especially if that $1.66 buys you more than just the ability to communicate with family members, but also with businesses (ie. banks).
First of all, this problem really is a usage model 2 issue. An organization wants to certify a very large number of users. It really doesn't apply to usage model 1, for which most of the existing S/MIME clients are targeted.
Still, a corporate organization can run its own CA which doesn't have to be a root CA.
All of the above is correct. I'm saying two things: 1. It would be very nice if there is some way that the trust domain could be removed from client configuration to a centralized service. This is simply good engineering and allows for dynamic control over what is trusted and what is not.
I think it cannot ever entirely be removed from the client, because you need to start with some trust, but it could be aggregated. Before this can be dynamically controlled however, the very notion of what a trust domain is needs to be defined and standardized. Then we can define means to transfer it, through existing protocols hopefully.
2. Modifying desktop settings to support security policy and certificate issuance is a non-starter for usage model 2. It's the old adage -- people want security but they don't want to have to do anything to get it. I'll give you an example that might help. If My Huge Bank wanted to issue certificates to their users to establish a secure email community of trust, then they have two choices: acquire certificates from one of the CA's that is already in the "trusted root" category or try to issue self-signed certificates and become a trusted root. Cost is a big barrier in the first option. Deployment complexity (and some cost) is a barrier for option 2. Because a new root certificate has to be downloaded to every desktop you've got a deployment latency problem. Because it costs (in some non-insubstantial set of S/MIME implementations) to get a registered root certificate, the costs of this are not insubstantial either. If the cost that an organization like My Huge Bank will bear to roll out a new service is $1M - $500K you can see that the cost of deployment for an S/MIME solution is severly compromised by the costs of certification. Companies and solutions like Tumbleweed exist that provide alternatives to S/MIME simply because of this fact.
My huge bank doesn't have to run a root, my huge bank can run a CA and get it signed by one of the root CAs. Then it doesn't need to deploy a root to every desktop. If it insists on running a root, there is going to be at least one config change to make it happen. Right now I think it is as simple as clicking on a URL and accepting a dialog. I don't know how much simpler one can make it. Yes, a means to distribute the trust domain (see above) would help, but one would still need to configure the software to use the distribution channel - whatever it would be (HTTP, LDAP ...). I don't see how this would be simpler than the click and confirmation of the dialog. The only advantage is that you might only need to enable that trust domain service once, and several organizations could publish their root to it. You could imagine for example a consortium of financial institutions ... Of course the consortium could just have one root and bear its cost, and issue one CA for each institution. FYI, I believe Microsoft might already update roots when you do a windows update, but of course that's a proprietary solution, and you still have the upfront cost of getting certified when you create your root.
The price figure you cite is absurdly low. Do you really, seriously think $250,000 to enable secure services matters much to a company with 25 million customers ? Certainly it wouldn't matter much to a bank, especially since it would probably reduce certain mailing costs. I'd guess that even one bulk USPS communication is going to cost morethan 1cent per recipient. I only know one ISP with 25 million customers or more, and I happen to work for it, but I'm not at liberty to comment further on the costs.First of all, $0.01 per cert for 25M customers is $2.5M annually.
No, it is $250,000 .
You need to go have a look at who I work for :-)
The name doesn't ring a bell, but I will check.
The example that I give above is by far the rule. The costs that even a large bank with 25M consumers will bear for *any* Internet application is quite low at this point.
First class stamps are up to 37 cents last time I checked. I don't know what the bulk rate is, but using your (unrealistic) proposed cost of 1 cert per cert, the investment would pay for itself at the first paper communication saved even if only 3 percent of the bank customers ever used their cert. Of course, it's up to the banks to decide what's beneficial to them, but if something is going to save them so much money, the bank has responsibility to their shareholders to look into it. I don't have any more to add on this topic.
Most of that has to do with the series of disappointing Internet applications and middleware that were invested in over the years has seriously damaged their trust in real return on investment in Internet applications.
Someone has to do it right first. Competitors will follow. Same thing happened with online account access - not everybody offered SSL. Lots of banks erred in offering proprietary software solutions for a while. It sorted itself out. We are just at an earlier stage in the process.
However, it is important to note that the cost of running a your own CA today is largely a matter of the licensing costs of running the CA software. There are operational costs, but those costs can and should be part of the cost of operating the application the uses S/MIME. We do NOT charge for certificate issuance in our product. We charge for documents delivered. There is a direct and easy comparison for any usage model 2 document issuer to compare the cost of paper mail to secure email. If we had the ability to "Register" a self certifying organization root certificate in one place (not one for every desktop client) that would be a huge step forward.
Even if that service existed, it would still need some kind of client configuration to point to that one place. -- I am the dog in dogfood
smime.p7s
Description: S/MIME Cryptographic Signature
| Previous by Date: | Re: dissemination of public encryption certificates, Julien Pierre |
|---|---|
| Next by Date: | RE: Query regarding BER/DER encoding of CMS data, Jim Schaad |
| Previous by Thread: | Re (subtopic): certificate issuance and trust, Steve Hole |
| Next by Thread: | Re: Re (subtopic): certificate issuance and trust, Steve Hole |
| Indexes: | [Date] [Thread] [Top] [All Lists] |