ietf
[Top] [All Lists]

Re: PKIs and trust

2003-12-15 13:02:06
At 4:31 +0900 12/16/03, Masataka Ohta wrote:
Stephen Kent;

I've authored several papers that capture what I see as the essence of your characterizations, in a simple form. The central notion is that most of these relationships are NOT about trust, but rather about authority. if one views them in this fashion, then it becomes apparent that the entities that are authoritative for identification and authorization assertions should be CAs, and we, as individuals with many distinct identities, should expect to hold many certs, each corresponding to one identity.

The problem for such PKI is that, if we have certs based on
existing trust (e.g. I trust some organization have an authority
to issue passports) relationships, we can exchange shared secret
using the relationships that we don't need any public keys.

In principle, yes, but in practice it is preferable to use public keys for a variety of security reasons, not to mention the existence of a lot of software that can make use of certs and public keys.


This is what happens in the physical world with most physical credentials: passports, frequent traveller cards, etc.

Our trust relationships in these cases are so strong that we
can be delivered not only PINs (shared secret) but also physical
credentials.

Yes, but it is cheaper to issue credentials in the form of certs and avoid postage and related physical credential costs. Also, PINs are meant to be remembered by users and thus are mire vulnerable to guessing than key pairs. So we have to put into place attack monitoring and response schemes, e.g., locking down an account after N bad login attempts, which creates DoS opportunities! So there are many reasons to prefer PKI here, although there are downsides too.


Then, who need public key cryptography?

Thus, many expect thatm once a PKI is formed, it can create any
trust relationship for anything.

We know a PKI does not.

agreed.


The next question is, does a, two or millions of PKIs worth having?

I don't think they do.


I don't know how many we need. But, when I look in my travel bag I see about 30+ paper and plastic credentials, all of which could be turned into certs under the right circumstances, without creating new "trusted" organizations, and with the benefit of greater security and less bulk (bits are thin and light weight!).

Steve



<Prev in Thread] Current Thread [Next in Thread>