Steve and Steve,
Thanks for your considerate and well-reasoned replies.
With the volume of e-mail that the three of us have
been generating over the last three days, it would have
been easy to lapse into "flame" mode.
While we are thinking of better terms, I do like the
explanation Steve Crocker offered for "syntactic"
vs. "semantic" than cross-certification. It has seemed
to me that the IPRA is performing a type of syntactic
cross-certification, but that there is not yet any
effective or agreed-to semantic content to the
certificates.
The following thoughts occur to me as a result
of your (Kent's) comments:
1. I can affix a pejorative label "Bad Guys R
Them" to any PCA I like, as a local matter,
whether or not I have confirmed the bad guys'
certificate or not. The IPRA does provide
some value here, by at least confirming that
I am blacklisting the right ("wrong?") people.
2. I don't even have to display any DN or PCA
policy name at all -- I can just let the good
ones go through and reject the bad ones. So
mail-based application programs can operate
automatically, with minimal intervention.
3. The default can be to label all PCAs as bad
guys, and add individual PCAs as good guys.
This tends to bring us back to the HOSTS.TXT
approach, but there would probably only be
two or three entries in the table in most cases.
That is an acceptable burden.
4. I can define all CAs as bad guys for the purpose
of encrypted communication, so that I don't
accidentally send an encrypted message to the
wrong person or company do to a mistake in
addressing, and then add individual CAs or even
individual users to the permitted list, for example
if my company is teamed with another company
that might normally be a competitor.
For example, if the President chooses to implement
a local policy for White House staff that prevents
encrypted communication with someone who
refuses to adequately identity himself, e.g.,
someone certified under the Persona PCA,
(not an unreasonable policy, I should think)
that would not prohibit someone who is certified
under the Persona PCA from receiving and
authenticating a digitally signed message from
President(_at_)WhiteHouse(_dot_)GOV(_dot_)
As for "content free" certification, methinks you protest too
much. The question answered in 1422 is not WHAT an entity is
certified to DO, but WHO the entity is certified to be. This is a
fundamental distinction between inputs to rule-based and
identity-based access control systems. The infrastructure is design
to supprort applications that might make use of the former, not the
latter, type of access control
Did you get that backwards, or am I misreading you? It certainly
seems that PEM is structured to support identity-based systems,
if anything. I'm just trying to improve the level of trust in the
identity mechanism.
What I have heard you ask for in many instances is
certification that an individual is authorized to engage in some
financial interchange. That is a rule-based authorization. I suggest
you look at what the ANSI X9F1 committee is doing. They make use of
X.509 certificates for authentication and other certificates for
fiduciary authorization purposes. That is a reasonable use of
complementary certificate-based systems. But it is not reasonable to
try to put all that info into one certification system, unless you
want to create a custom system for EACH user community, since each
community will have different ideas about what trust semantics should
be associated with certified entities. That is not the sort of
(community-specific) standard the Internet community tends to produce.>
Although I am not directly involved with the ANSI X9F1 or the EDI
commities, I am reasonably familiar with what they are trying to do.
In fact, one of the reasons I have been such an enthusiastic
support of PEM (really!) is that I believe that the certification
infrastructure will be applicable to such efforts as well, and
therefore reach critical mass more quickly.
Actually, I find myself trying to straddle both horses. I don't want to
be confined by the type of highly structured transactions that
the EDI community is trying to come up with, but I like their
level of assurance, and I suspect that the RSA Commercial
Hierarchy will evolve primarily in that direction. On the other hand,
I do like PEM's ability to communicate with a very large user community
as individuals, not just as corporate entities. I just don't like the fact
that the degree of assurance is so low at present. We all started off
talking about the virtues of public key technology and nonrepudiation,
and we are finding it difficult to achieve.
What I am trying to do now, hopefully in concert with RSA and their
Commercial Hierarchy, is to define a Policy for a PCA which will provide
a higher level of assurance for users within that community. My approach
is to try to define a model agreement, which I call an Affidavit of Legal
Mark, which would be a notarized statement signed by the user and
subject to penalties for perjury in the event of willful misrepresentation).
This Affidavit will state that the user is who he says he is, that he accepts
the responsibility of being legally bound by his digital signature, and
that he understands and agrees to maintain a certain standard of care
with respect to his private keys. It will also state the various caveats and
limitations that must be considered in evaluating the validity of his
(purported) signature when applied to any document, including
requirements for trusted timestamping or even full-fledged sworn-in-the-
physical-presence-of notarization as applicable.
This document could be digitally signed by one or more witnesses, and the
document with the digital signatures and certificates printed out on paper.
That paper document would then be notarized in the conventional manner,
since it is not yet clear whether the law will allow a Notary's signature to be
applied electronically. (Anyone want to set up a PCA for Notaries?) That
multiply-signed document would then be made available to anyone who
requested it, either through an X.500 entry, or a server established at that
user's CA, or perhaps at the PCA. the archive paper copy would be
maintained by the CA.
In effect, this would be a certificate of authorization that is similar in
concept to the X9F1 certificates, except that it is signed by the user,
not by a company. It is intended primarily for attesting to statements of
fact, e.g., the accuracy of a time card or expense account, or approving
a travel authorization, or even signing your income tax form; as opposed
to signing negotiable instruments such as checks or debit orders, or
inter-company purchase orders of the type being addressed by EDI.
I think maybe we have beat this horse to death, so have a nice weekend.
If there is interest in discussing the Affivdavit of Legal Mark concept further
I will be happy to do so, either on PEM-DEV or off line.
(The usual caveats about these being my personal thoughts apply in
spades to this discussion. The education process that is in front of
almost all of us in bringing corporate management and the legal and
financial community up to speed and into agreement on all these issues
is rather daunting.)
Robert R. Jueneman
GTE Laboratories
617/466-2820
617/466-2603 FAX