Stephen Kent;
I'm having a feeling that you call a set of software/hardware
to handle certs a PKI.
no, there is a lot more to a PKI than hardware and software.
Mmmm, OK.
not to mention the existence of a lot of software that can make use
of certs and public keys.
I'm afraid you are saying we should have PKI because we have PKI.
why do we use browsers to access many databases where other mechanisms
might be more appropriate? because we all have "free" browsers, users
and developers are comfortable with the paradigm, ...
No. We use browsers to access many databases, because there are free
search engines available to point to that many databases.
Browsers can be reasonably priced.
In all (passports and frequent traveller cards) cases, it is
required that applicants physically contact authorities.
True for an initial contact for a passport, not for renewal.
OK. It's easier in US than JP. But, it is merely that, in US,
initial physical contact is enough to update passport. So,
it is enough to have initial shared secret to update the
secret.
When I
referred to frequent traveller cards I had in mind the airline/hotel/car
rental frequent traveller programs to which I belong, not credentials
that get me through security with less examination.
You can get physical credentials at airports, hotels or reta
car shops.
In Japan, and maybe in other countries, use of material mail is
inevitable to get passport, because it is the way to confirm the
addresses of applicant.
The address of an applicant is not even printed on a US passport.
Neither on mine. But, in Japanese legislation, people are identified
by its name and address that it is leagally important to issue a
passport to an identified person.
One can pick up frequent travellor cards, at least paper ones, at
airport.
I can get my form of frequent traveller card via a web interaction, with
no physical presence!
So, you don't need any PKI for frequent traveller card.
I think we are talking about different use models. If I have a frequent
flyer account with web access, and if someone tries to break in by
guessing my PIN, the airline will have to shut down the account after
some small number of tries, to prevent an effective guessing attack.
I'm flexible enough that I'm not restricted to any use models.
I just want applicaitons work with proper security.
That you are using PIN means that you are communicating with your
CA that shared key cryptography is a lot more than enough.
This denies ME access, and it imposes costs for the airline, because I
may have to make a toll free call to someone to cause my account to be
reactivated. That is a DoS attack that could be avoided if we used
crypto keys for auth.
What's wrong if you use IC card for challenge and response with shared
key cryptography?
I think we can, at least, agree that we need no "new trusted
organizations" or commercial CAs.
agreed!
An archievement.
and with the benefit of greater security and less bulk (bits are thin
and light weight!).
That you have paper and plastic credentials means that you don't
need much security.
not really. I rarely uses most of those credentials today. They are
largely replaced by web accesses where knowledge of the account number
and a PIN provides the authentication that used to be inferred by
physical possession of the card.
Then, what is your problem solved by PKI?
Note that there is no reason that you think CAs more reliable
than ISPs. So, if you just believe CAs, you should just believe
ISPs.
That you have an IC card containing 30+ secret keys activated with
a short PIN does not mean so much security. How do you think about
an IC card erases all the secret information after N bad PINs, which
creates DoS opportunities?
I am not too worried about physical security for a crypto hardware
token, because I am careful to not lose such tokens, just like I am,
careful to not lose physical (paper/plastic) cards today.
I'm afraid that we are agreeing that we don't need much security.
The advantage
to using crypto for authentication is that the keys are longer and more
random than PINs, and I don't have to remember all of them.
It merely means that IC card can hold long secret, which has
nothing to do with the difference between shared and public
key cryptography.
The
advantage to using public key crypto is that I can employ existing PKI
features in browsers for authentication AND I don't have to worry that
sloppy security procedures at the web sites will disclose private keys
that could be used to impersonate me.
You feel secure merely because you don't think about a possibility
of sloppy security procedures at the web sites and the CAs which
would enable signing false public key, corresponding private key
of which could be used to impersonate you.
CAs are just as (un)trustworthy as ISPs.
Note that use of credit card over web is secure not because of
SSL, but because credit card companies are reducing credentials
of card holders in real time.
Masataka Ohta