I think that the situation is very nicely summed up by the
experience, concerns, and potential solutions presented in the
Mendes / Huitema paper at last week's ISOC NDSS symposium:
"A New Approach to the X.509 Framework: Allowing a Global
Authentication Infrastructure without a Global Trust Model".
The issue of training, credentialing, etc., more properly belongs in the area
of an authorization certificate. It is unfortunate that one of our basic
identification documents, the driver's license, confuses these concepts. A
better example would be a passport and an international drivers license. I
would suggest that you contact the X9 standards people to see what they have
underway in this area.
Even in the area of identification policy, it is highly unlikely that we will
see a uniform national, much less international, standard emerge. (Bill Clinton
will want to give a certificate to everyone who can walk or swim, and Newt
Gringrich will insist that a person's ancestors trace back to at least the
Mayflower. :-)
There is some work going on in the ABA that may lead to the correlation between
the amount of risk that originating party undertakes, in perhaps four steps
ranging from strict liability to simple negligance being a suitable excuse for
getting out of a signed agreement. The technical community can then address the
technical risk of compromise and the cost of protecting against such a
compromise occuring in the key management area, and suggest four technical
alternatives ranging from two person control with strong tamper-proofing and
biometric identification, down to a simple software implementation protected
with a passphrase. Hopefully, we can then develop some corresponding guidelines
for personal identification, perhaps ranging from a complete background
investigation with fingerprints, down to an unsupported claim of identity (or
even pseudonyms). (Interestingly, in the case of the homeless and other benefit
recipients, it isn't so important who the person is (a metaphysical concept at
best), but some assurance that whoever he is, one and only one person can use
that "identity" to claim benefits.)
So, after this long-winded lead-in, my second question is
whether there is a mechanism (and / or desire) that will evolve
the rfc-1422 certificates rooted at the IRPA in the directions
suggested by Mendes and Huitema?
As Michael Roe indicated in the slides he presented on behalf of Mendes and
Huitema, X.509 version 3 provides the capability of extending the certificate
infrastructure in the direction you indicated, and by the way I agree almost
completely with that excellent paper. Warwick Ford has previously posted the
preliminary version of a set of proposed extension attributes, but the
technical community outside of X.509 is just now beginning to come up to speed
on them.
I am hoping that the chair will soon appoint a working group to address these
issues, and you may want to participate.
Thx, Bill Johnston
Lawrence Berkeley Laboratory
Bob
--------------------------------
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Internet: Jueneman(_at_)gte(_dot_)com
FAX: 1-617-466-2603
Voice: 1-617-466-2820