It's interesting to watch how a cipherpunks mentality seeks out
attack scenarios on security systems. Having worked their way
up breaking ciphers, key generation, key exchange, randomness, etc., some are
finally understanding that the key to an X.509 authentication framework
is the trust model. Break the key distribution, you break the
rest of the system. Break the public trust semantics, you break
public confidence. No one will use the system, of course. pem-dev
has been through this debate many times.
Now PEM 1422 has long embodied the notion of authority - a term
which probably annoys most anarchists intrinsically. When authentication
frameworks are applied to commerce systems, one can protect somewhat against
brute-force and guessing attacks on the merchant by relating
hacking activities to fraud and inter-state fraud conspiracy laws, given
the nature of the systems which are being attacked.
It's interesting to note that civil authority has to be enforced
through legal means - but, so what is new! Authority nearly always
requires a force element.
We have argued here a dozen times about the vulnerability of having a user
spoof a CA, and thus bring a domain into disrepute. We all know the
mechanisms for protecting against this in 1422/MISSI v1, and can consider
the mechanisms for v3 equally. Regardless of policy rules, delegation of authority of
one software CA to another can always introduce vulnerabilities based
on non-compliance of the subordinate authority. In a real world, large-size
free-and-easy commercial system, one cannot expect policy agreements to be
policed actively. There has to be trust, else a wholly automated enforcement mechanism.
While delegated trust can be partially enforced through fraud suits, and
agreement violation suits, it all seems a bit too heavy for general purpose
use, even once a few practising anarchists are put under legal investigation,
charges filed, or damages sought against any conspiracy group.
So, does this mean that for an Internet privacy and commerce system to
succeed without introducing an attorney-fest, we are effectively forced
to rely upon hardware control systems to restrict delegation of issuing
authority?
It's certainly beginning to look that way. Many people expect public-key
to explode in use, shortly, for both RSA and DSA (hurray for USPS). Does
this mean the end of the software CA experience, however?
Anyway, it's exciting to have all this material really hitting the road
for real. It's wonderful to actually find out which bits really work
in the commerce versus a military, or the traditional 'net environment.
Peter.
Finally, I remember when thinking about the USPS concept of operation
how powerful the "lying to a Federal officer" mechanism is for
enforcing trust mechanisms. However, it's not powerful, if there is
no will to start prosecuting those who lie, obviously.
It seems strange that as public-key gets massively freer - in terms
of licensing, etc. - the next enforcement problem suddenly gets much, much
larger - certification!