pem-dev

Re: Use of ASN.1 in certificates

1995-08-01 08:24:00
The reality is that most global standards need relatively simple
strings.  In the case of global certificates, we need to pay very, very
close attention to what we have learned vis a vis Internet vs. X.400
addresses.  A little-known fact is that X.400 addresses were developed
largely by Arpanet folk.  We thought the generality would be a good idea.
We were wrong.

I'd take this a step farther, which is that among the important points being
missed is that there are already established CAs with assurances
ranging from none (anonymity) to biometrics, already being used for
commerce.  They just aren't certifying key pairs yet.  Visa, MasterCard,
American Express, checks, banknotes, passports, etc. work pretty well--The
"need" for a global public key certification infrastructure is, in my opinion,
highly overstated.  I think it results from assuming that X.509 certificates
are a universal solution; an example of the "if all you have is a hammer..."
effect, reinforced by those people whose business is to sell hammers.

This, in turn, is a result of thinking that public key encryption is the
universal algorithm.  Now, don't get me wrong--I think that public key
cryptography is the coolest application of discrete math to come down the
pike in a long time.  However, for most applications it's pretty much
unnecessary, despite its technical merits in many respects.

People will only use something that gives them a perceived value that
outweighs the perceived hassle.  Right now, not even PGP does this except
for a few people, much less PEM/MOSS/PKCS.  I'm reasonably literate in
information security, and even I don't bother with using secure email,
despite having a nice shiny X.509 certificate signed by RSA's Commercial
Certification Authority and nice GUI-based software to use, simply because
it's too much bother.  This is where, in the end, all "security for
everyone" proposals have fallen down.  It may also be where physical
tokens end up winning, despite a very slow start.

Electronic commerce is the same way.  I do electronic commerce quite often
by giving a credit card number over the phone; I don't expect Internet
commerce to be any more secure, but I *do* expect it to be at least as easy.
Plaintext email is too open, but a simple Diffie-Hellman key exchange on
a WWW connection followed by DES or RC4 encryption with that key would be
fine with me.  Or, for many purposes, good old symmetric encryption: open an
account with a vendor, get a personal pass phrase.  Hash it down to 56 or
112 bits with a good one way hash function, and voila--just as secure as
PEM or PGP.  Only the key distribution mechanism is different.  In the end,
X.509 is just about key distribution, and it's far from the only useful
approach to the problem.

I don't mean to brush over the very real new problems presented by Internet
(or, more generally, real-time automated) commerce, but I view the debate
over X.509/X.509v3/ASN.1 to be basically irrelevant to solving those
problems.


Amanda Walker
InterCon Systems Corporation
