The identification of a need in a directory to
1) limit trawling
2) limit information disclosure dependent upon identity and assurance level
3) control access to spaces of the name space
4) limit public visibility to the name space
means that
some sites operate their naming and addressing spaces such that
they are private.
E.g. from the given example, you cannot send PEM mail to Joe Doe at the
NSA unless you know 1) his name 2) his address 3) his publicly available
certificate. You may be given an ``access point'' however from
which the communication will subsequently be handled. PEM can cope
with that when it starts tiering certification between message
handling and transport entities.
Therefore, you cannot directly communicate with Joe, securely or otherwise.
This is a legitimate demand, not only by the defense, diplomatic, security
and intelligence community, but by anyone who wishes to control
access to the very name itself. The example recently cited clearly
indicated a need to not only protect against effective trawling (by
making it economically disadvantageous to the attacker (i.e. costly)), but
also to limit access to the very names of employees to commercial competitors
in order to protect against their determining economic intelligence.
PEM seems to make many assumptions of need regarding 1) the need for
confidence 2) access to public information sources which facilitate secured
interworking.
The constant theme of the debate to date (5 years!) seems to revolve
around people's desire to opt out at some point of the formal system
which PEM provides, so that they can choose to ``do it wrong'', and
accept the risks. I.e. they don't share the perception of need. People
wrongly perceive PEM as only operating a public certification space.
Surely it operates as many certification spaces as people want to
manage them? Sure you won't be able to inter-communicate securely with
just anyone, though...but that's idealistic anyway.
People will generally gravitate to PEM public certification as and when it
hurts them not to; this includes assurance and service connectivity.
Otherwise, they will either accept the risks, or run their own security
management to satisfy their needs.
There will be private PEMs, and the public PEM, segmented. Any n
private PEM domains will not hurt a public service.
However, a big private subscriber may offer such a high quality of
service that people may eventually dump the public-spirited but informal
service, and then a commercially driven PRMD will dominate as a de facto
ADMD. National infrastructure policies need to plan for this, once PEM
finally leaps from the R&D stage. There is going to be a huge amount of
non-technical work involved! Minimising such management tasks, and
more importantly their technical need, is the thing the Internet has
really thrived on. Assured security services require significant
management; I don't see PEM services therefore as an intrinsic Internet
function. It's time to consider ``contracting out'' this management
function to entities capable of managing such managed-infrastructure
projects, in my opinion.
It's time to talk to national bodies, beyond pilot deployment.
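The four directory requirements listed at the top of the message (limit trawling, disclose by assurance level, control access to parts of the name space, limit public visibility) can be shown as a small access policy over a name directory. The following is an added illustration written for this page, not code from the original post or from any PEM implementation; the entries, organisations, assurance levels and the "wildcard budget" are constructed assumptions, and the "Joe Doe at the NSA" entry simply mirrors the message's own example.

```python
"""Illustrative directory access policy (constructed example, not PEM code).

Each entry carries a public-visibility flag and, per attribute, the minimum
assurance level a requester must hold to see it.  Exact-name lookups never
reveal whether a hidden name exists, and wildcard searches draw on a small
per-requester budget so that enumerating the name space is costly.
"""
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    """Assumed assurance levels for a requester's identity."""
    ANONYMOUS = 0
    AUTHENTICATED = 1
    VERIFIED = 2


@dataclass
class Entry:
    name: str
    org: str
    public: bool                 # visible outside its own organisation?
    attrs: dict                  # attribute -> (value, minimum Assurance)


@dataclass
class Requester:
    identity: str
    assurance: Assurance
    org: str = ""                # organisation the requester belongs to


class Directory:
    def __init__(self, entries, wildcard_budget=2):
        self._entries = {e.name: e for e in entries}
        self._wildcard_budget = wildcard_budget
        self._wildcard_used = {}  # requester identity -> searches consumed

    def _visible(self, requester, entry):
        # Private entries are visible only from inside their own name space.
        return entry.public or (requester.org and requester.org == entry.org)

    def lookup(self, requester, name):
        """Exact-name lookup; hidden and absent names look identical (None)."""
        entry = self._entries.get(name)
        if entry is None or not self._visible(requester, entry):
            return None
        # Disclose only attributes the requester's assurance level permits.
        return {k: v for k, (v, lvl) in entry.attrs.items()
                if requester.assurance >= lvl}

    def search(self, requester, prefix):
        """Prefix (wildcard) search, charged against a per-requester budget."""
        used = self._wildcard_used.get(requester.identity, 0)
        if used >= self._wildcard_budget:
            raise PermissionError("wildcard search budget exhausted")
        self._wildcard_used[requester.identity] = used + 1
        return sorted(n for n, e in self._entries.items()
                      if n.startswith(prefix) and self._visible(requester, e))


def make_directory():
    """Constructed sample directory: one private entry, two public ones."""
    return Directory([
        Entry("Joe Doe", "NSA", public=False, attrs={
            "email": ("joe@example.invalid", Assurance.AUTHENTICATED),
            "cert": ("<constructed certificate>", Assurance.AUTHENTICATED)}),
        Entry("Jane Roe", "ACME", public=True, attrs={
            "email": ("jane@example.invalid", Assurance.ANONYMOUS),
            "cert": ("<constructed certificate>", Assurance.AUTHENTICATED),
            "phone": ("+0 000 0000", Assurance.VERIFIED)}),
        Entry("Jim Poe", "ACME", public=True, attrs={
            "email": ("jim@example.invalid", Assurance.ANONYMOUS)}),
    ])


OUTSIDER = Requester("anon", Assurance.ANONYMOUS)
INSIDER = Requester("nsa-staff", Assurance.AUTHENTICATED, org="NSA")


def trawl(directory, requester, prefix, attempts):
    """Return how many prefix searches succeed before the budget cuts off."""
    succeeded = 0
    for _ in range(attempts):
        try:
            directory.search(requester, prefix)
            succeeded += 1
        except PermissionError:
            break
    return succeeded


if __name__ == "__main__":
    d = make_directory()
    print(d.lookup(OUTSIDER, "Joe Doe"))    # None: name is not visible
    print(d.lookup(INSIDER, "Joe Doe"))     # email and cert disclosed
    print(d.lookup(OUTSIDER, "Jane Roe"))   # only the ANONYMOUS-level email
    print(trawl(d, OUTSIDER, "J", 5))       # 2: budget exhausted afterwards
```

The lookup path deliberately returns the same `None` for a private name and a non-existent one, so an outsider learns nothing about which names populate the private space; a verified requester inside the organisation sees more attributes of the same entry than an authenticated one, which is the "disclosure dependent upon identity and assurance level" point.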