Hello,
From: Scott Bradner <sob(_at_)hsdndev(_dot_)harvard(_dot_)edu>
To: crocker(_at_)tis(_dot_)com, pem-dev(_at_)tis(_dot_)com
A quiet word from the OPS AD. (and I'm sure I'm using all of the buzz words
incorrectly - but such is often the way with us OPS types, we just do it,
leaving the formal tags to others)
I'd just as soon see progress on authentication support technologies that can
be deployed with as much speed as possible.
It just so happens that I have a number of specific concrete ideas on
how to make real progress towards ubiquitous security in the Internet
much faster than we have so far.
I've been watching PEM from the sidelines for quite a while and, while I think
that a full hierarchy of trust is critical for a class of functions (remote
retrieval of student records for example) There are quite a wide range of
functions that can be fully implemented using bilateral agreements (as most of
the current EDI world seems to work) or the inclusion of extra information in
the record (e.g. a credit card number).
The implementation and support requirements inherent in the use of a full
authentication hierarchy have, so far, proven to be a major inhibition to the
adoption of badly needed functionality. Even when the hierarchy
infrastructure is in place, I see a long period of refinement in the required
operational support procedures.
bottom line:
The Internet has two separate types of needs for authentication mechanisms.
Many functions can be fully realized using simple N party trust models.
Some functions require full trust hierarchy.
There has been little progress in deploying the enabling technologies required
for full trust hierarchies.
I believe this to have been due to design choices which, with hindsight,
have been shown to be poor.
We can't wait much longer.
suggestion
There are two separable sets of requirements. I don't think the existing PEM
working group properly addresses both sets of requirements.
Continue to develop the X.509 type hierarchy model using the current PEM
working group. This group could continue to rely on DNs as the basis of
identification with the knowledge that the implementation of a support
infrastructure for DNs will take time and includes a large number of currently
unknown operations issues.
Since I have made it quite clear that I think DNs are hopeless and
X.500 is almost as bad, people may be surprised that I have no problem
with anyone who wants to do so working on further development and
deployment of these kludges. I would argue merely that other
mechanisms are clearly, with the benefit of hidsight, superior. But
with the deployment, even if limited, of a number of PEM/PEM-like
implementations, I don't think that it would make much sense to try to
revoke the PEM standard or anything. And if compatible incremental
improvements can be made to PEM, that's fine.
I would like be involved in this new "Rapid Deployment Security
Working Group" :-).
Create a separate working group to develop technologies that rely on simple
N-party trust mechanisms. This group should rely on the identification
processes normally used in the operational Internet, i.e. the FQDN and have as
its primary objective to define things that can be deployed in a short period
of time.
The goals of simplicity, use of existing operational deployed
mechanisms, and rapid implementation are, I believe achievable. I
just don't think this group should be prohibited from proposing
something that meets these criteria just because it might be
hierarchial.
For N-party trust Email, PGP already exists.
Scott
Donald