Jeff Schiller and Steve Kent
Gentlemen;
I am sorry that I did not get the opportunity to talk with you
at the ISOC Security symposium about this, but here are some
questions and comments about the IPRA root that has just been
established, and the rfc-1422 certification hierarchy in
general.
First, I am a little surprised that
http://bs.mit.edu:8001/ipra.html does not lay out the policies
and mechanisms that are implied by registration with the IPRA,
but I assume that they will be as described in RFC-1422. (Right?)
(I am also a little surprised that there is not a direct
pointer to someone in an official capacity at the ISOC.)
The second issue has to do with the semantics of PEM(-like)
certificates, and the resulting implications.
The reason for the concern/interest is that, in addition to PEM,
PGP, etc., we are interested in using certificates to validate
identity for reasons of ensuring that some action has taken
place. For example, the Dept. of Energy operates a number of
large experimental facilities (accelerators, X-ray microscopes,
etc.) that are currently used by people from all over the world,
and it is developing the technology to make those facilities
remotely accessible. The remote users of the facilities will
be scattered over the global Internet, making security of
operation an important consideration. Facilities managers may,
for example, require certain kinds of training prior to allowing
one to participate in remote operation. This manager will also
likely never physically meet many of the people who want remote
access. Assuming that there are training programs at the remote
institutions that qualify an operator, one model is that this
operator will "present" a certificate (hopefully a PEM - like
certificate) as proof of identity, in order to be allowed access
by the local security mechanisms.
Therefore, two elements of trust have to be defined and
established. The first is that training (and perhaps what
training) has taken place, and the second is that the person
presenting the certificate is, in fact, the same person who took
the training. The verification-of-training issue may not be
directly related, though incorporating this sort of thing into
the certificate mechanism could be useful. However, like PEM,
the level of assurance associated with identity repsented by a
certificate and real, human identity must also be established by
known and assured policy. So, I think that this second
situation exhibits the same certificate-represented identify
vs. real (physical) identity issues as those for PEM.
We are therefore interested, among other things, in certificate
mechanisms that express the policy and identify of the issuer,
or its trust hierarchy superior, in an unambiguous and easily
determined manner.
The "we" comes from the fact that I am chairing a Dept. of
Energy, Energy Sciences Network (ESNet) committee on Key
distribution, and I will have to say that there is some concern
about the implications of registering with the IPRA (or with a
PCA, for that matter). We expect that the ESNet community
(ESNet provides Internet backbone and access services to the
collection of programs at DOE related to Energy Research, and
connects many of the facilities mentioned above) will set up a
PCA, with CAs at the individual institutions. But even within
that community it may be difficult to come up with a commonly
agreed on policy to be represented by the PCA, and therefore it
may be important to be able to distinguish between policies. At
the same time, I think that most of the people involved feel, as
I do, that given the institutional "machinery" needed to make
this sort of thing work, it will be very preferable to have a
single, Internet-wide, certificate issuing and management
structure.
I think that the situation is very nicely summed up by the
experience, concerns, and potential solutions presented in the
Mendes / Huitema paper at last week's ISOC NDSS symposium:
"A New Approach to the X.509 Framework: Allowing a Global
Authentication Infrastructure without a Global Trust Model".
So, after this long-winded lead-in, my second question is
whether there is a mechanism (and / or desire) that will evolve
the rfc-1422 certificates rooted at the IRPA in the directions
suggested by Mendes and Huitema?
Any insights that you have about these matters will be
appreciated. (I am also sending this note to the
PEM-DEV list that I have been (trying to) read, as I have not
found another place where certificate issues are debated.)
Thx, Bill Johnston
Lawrence Berkeley Laboratory