Another entry in the internet security hall of shame....

Anne & Lynn Wheeler lynn at garlic.com
Sun Sep 11 18:49:16 EDT 2005


James A. Donald wrote:
> For PKI to have all these wonderful benefits, everyone
> needs his own certificate.  But the masses have not come
> to the party, in part because of the rather Orwellian
> requirements.  Obviously I cannot get a certificate
> testifying that I am the one true James Donald, because
> I probably am not.  So I have to get a certificate
> saying I am the one true James Donald SS xxx-xx-xxxx -
> the number of the beast.

the real issue in the early 90s ... was that the real authoritative
agencies weren't certifying one true identity ... and issuing
certificates representing such one true identity ... in part because
there were some liability issues if somebody depended on the information
... and it turned out to be wrong.

there was talk in the early 90s of independent 3rd party trust
organizations scene and claimed that they would check with the official
bodies as to the validity of the information ... and then certify that
they had done that checking ... and issue a public key certificate
indicating that they had done such checking (they weren't actually
certifying the validity of the information ... they were certifying that
they had checked with somebody else regarding the validity of the
information).

the issue of these independent 3rd party trust organizations was that
they wanted to make money off of certifying that they had checked with
the real organizations as to the validity of the information ... and
the way they were going to make this money was by selling public key
digital certificates indicating that they had done such checking. the
issue then came up was what sort of information would be of value to
relying parties ... that should be checked on and included in a digital
certificate as having been checked.  It started to appear that the more
personal information that was included ... the more value it would be to
relying parties ... not just your name ... but name, ancestry, address,
and loads of other characteristics (the type of stuff that relying
parties might get if they did a real-time check with a credit agency).

one of the characteristics of the public key side of these digital
certificates ... was that they could be freely distributed and published
all over the world.

by the mid-90s, institutions were starting to realize that such public
key digital certificates ... freely published and distributed all over
the world with enormous amounts of personal information represented
significant privacy and liability issues. you can also consider that if
there were such enormous amounts of personal information ... the
certificate was no longer being used for just authenticating the person
... but was, in fact, identifying the person (another way of viewing the
significant privacy and liability issues).

as a result, you started seeing institutions issuing relying-party-only
certificates in this time frame
http://www.garlic.com/~lynn/subpubkey.html#rpo

which contained just a public key and some sort of database or account
lookup value ... where all the real information of interest to the
institution was kept.

the public key technology ... in the form of digital signature
verification, would be used to authenticate the entity ... and the
account lookup would establish association with all the necessary
real-time information of interest to the institution.

this had the beneficial side-effect of reverting public key operations
to purely authentication operations ... as opposed to straying into the
horrible privacy and liability issues related to constantly identifying
the entity.

however, it became trivial to prove that relying-party-only certificates
are redundant and superfluous ... with all the real-time information of
interest for the institution on file (including the public key) ... and
the entity digitally signing some sort of transaction which already
included the database/account lookup value ... there was no useful
additional information represented by the relying-party-only certificate
... that the relying party didn't already have (by definition, the
public key was registered with the relying party as prelude to issuing
any digital certificate ... but if the public key had to already be
registered, then the issuing of the digital certificate became redundant
and superfluous).

this was also in the era where the EU data privacy directive was pushing
that names be removed from various payment card instruments doing online
electronic fund transactions. If the payment card is purely a "something
you have" piece of authentication ... then it should be possible to
perform a transaction w/o also requiring identification.

as to the 2nd part ... passwords are a shared-secret based, entrenched
institutional-centric technology. it requires a lot less technology
infrastructure to support a shared-secret password based operation. this
was ok back in mar, 1970 ... when i got my first permanent home
terminal with userid/password login to the office computer ... and i
only had a single pin/password. however, as the decades passed ... the
number of shared-secret password/pin based environments proliferated to
the point where i now have to deal with scores of different values ...
all of which i'm supposed to theoretically have memorized, each one of
them being unique from the others ... and potentially have to be changed
monthly.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
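
The redundancy argument in the post above, as an added example that is not part of the original message: a relying party authenticates a signed transaction using only the public key it already holds on file, and a relying-party-only certificate turns out to carry nothing the account record lacks. All type and function names, the account value and the key seed are constructed for illustration, and Ed25519 stands in for whatever signature scheme an institution would use.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Account is the relying party's on-file record (constructed schema).
type Account struct {
	PublicKey ed25519.PublicKey // registered before any certificate is issued
	Status    string            // stands in for the real-time account data
}

// RPOCert is everything a relying-party-only certificate carries.
type RPOCert struct {
	AccountID string
	PublicKey ed25519.PublicKey
}

type RelyingParty map[string]Account // account lookup value -> on-file record

// msg binds the lookup value to the body so neither can be swapped.
func msg(id string, body []byte) []byte { return append([]byte(id+"|"), body...) }

// Authenticate uses only the on-file key; no certificate is consulted.
func (rp RelyingParty) Authenticate(id string, body, sig []byte) error {
	acct, ok := rp[id]
	if !ok || !ed25519.Verify(acct.PublicKey, msg(id, body), sig) {
		return fmt.Errorf("authentication failed for %q", id)
	}
	return nil
}

// CertIsRedundant reports whether c only repeats what is already on file.
func (rp RelyingParty) CertIsRedundant(c RPOCert) bool {
	acct, ok := rp[c.AccountID]
	return ok && acct.PublicKey.Equal(c.PublicKey)
}

func Demo() (genuine error, certRedundant bool, tampered error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed seed
	pub := priv.Public().(ed25519.PublicKey)
	rp := RelyingParty{"acct-1001": {pub, "open"}} // constructed account
	body := []byte("pay 25.00")
	sig := ed25519.Sign(priv, msg("acct-1001", body))
	return rp.Authenticate("acct-1001", body, sig),
		rp.CertIsRedundant(RPOCert{"acct-1001", pub}),
		rp.Authenticate("acct-1001", []byte("pay 9925.00"), sig)
}
func main() { fmt.Println(Demo()) }
```

The genuine transaction authenticates with no certificate presented, the altered amount fails against the same on-file key, and the certificate check confirms it holds only the lookup value and key the relying party registered beforehand.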


