CFP: PKI research workshop

lynn.wheeler at lynn.wheeler at
Wed Dec 26 15:03:19 EST 2001

note that the certificate-based PKI is an offline model .... it is the
credit card model pre-1970. the certificate-based PKI tends to bear a lot
of other resemblance to pre-1970 offline credit-card model .... the CRLs
invention is very similar to the paper booklets that were mailed out to
merchants every month of invalid credit card numbers (the credit-card
industry however had a significant advantage having a very strong
relying-party registration function .... so that there was high probability
of relying-parties getting the paper booklets of invalid numbers).

in the '70s, the credit card industry switched from an offline
infrastructure (aka similar to the certificate-based PKIs which were
effectively developed to address the offline email infrastructure of the
early 1980s) to an online infrastructure ... where every transaction was
executed online. A certificate-based PKI for credit cards would be like
regressing 30 years to the offline infrastructure (although using more
convoluted and complex technology). The issue is why would the payment card
industry want to regress 30 years to an offline model with
certificate-based PKI?

The financial industry has passed an online payment definition that does
use digital signature technology w/o all the complexity and short-comings
of a certificate-based PKI  (that would set-back/regress the infrastructure
30+ years to the offline model) .... which is X9.59.

Basically X9.59 defines a retail payment object that is valid for ALL
electronic online financial transactions (internet, non-internet,
point-of-sale, debit, credit, ACH, etc) which basically requires a digital
signature and does not require a certificate-based PKI.  The simplest
analogy is that digital signature technology upgrades the PIN-based
infrastructure found in current debit transactions and expands it to all
electronic financial transactions.

There have been some financial pilots using certificate-based PKI
operations .... but in all cases it is relatively trivial to show that the
certificate is redundant, superfluous and extraneous in an online world.
The certificates were effectively relying-party-only certificates
(basically containing an account number and a public key) .... in part to
meet liability and privacy requirements. Since only an account number was
used and the transactions &/or other operations were all online ... they
all referenced the account in order to execute the requested operation. It
is trivial to show that given online operation execution (including things
like "logging in" for various kinds of things related to online banking
and/or other financial or securities industry transactions) .... that it is
superfluous to have the certificate.

The certificate makes sense in an offline environment where there is no
prior business relationship between the entities. Given online situations
involving parties with prior relationships, certificates make no sense.

misc. x9.59 references:

misc certificate-less digital signature references (including pointers to
the NACHA/debit network implementation ... and a private key hardware token
description allowing the same private/public key to be used in an
arbitrarily large number of different & public operations):

random client digital signature authentication refs:

misc. discussion of certificate-based SSL domain name operation:

ray dillinger <bear at> on 12/26/2001 12:03 pm wrote:

Yep.  So far, that's true.  Financial stuff is the only killer app
in sight for a PKI, and the financial services sector is conservative
and heavily regulated.  There is a substantial barrier to entry: just
try to imagine running off a few thousand PKI-backed credit cards and
going into business competing against mastercard/visa/amex.  Vendor
acceptance is slow and the regulatory hurdles are high.


Odds are, however, that each and every one of them is going to want
their own PKI -- where P stands for Private, or Proprietary, rather
than Public.  A Public Key Infrastructure happens when the chaotic
situation which that brings about gets consolidated and standardized,
so don't look for that for at least a decade.  Basically we have no
chance of getting a Public Key Infrastructure in place right now
because we don't have enough different Private Key Infrastructures
in place for it to have started to hurt yet.  People won't go for
the PKI until they are in some kind of pain that it relieves. And
if financial services businesses are involved, they will do it in
such a way that no PKI vendor ever makes a profit they could possibly
have made themselves.  Look for them to be buying regulations that say
PKI is part of financial services and can only be provided by licensed
financial services corporations sometime in the next few years.

Like I said, don't get too discouraged -- these things happen slowly
and it's very much a matter of stages of development.  People don't
do things until the pain of not doing them gets worse than the pain
of doing them.  Public Key comes about when Private Keys have been
common for several years and their multiplicity causes pain.  That
in itself will take several years after the Private Key structures
are fully adopted. The Private Key structures get adopted several
years after the profit margins, split between consumers, vendors, and
financial institutions, each overcome the pain of changing infrastructure.
That will take several years after the initial offering.  The initial
offerings are happening now in very restricted markets, but don't
look for it to happen in domestic consumer markets until the results
of the restricted-market offerings are several years old and the
technology involved hasn't changed AT ALL for several years. They
are looking for a technology that's been in use long enough to
establish a baseline and get results that look stable and repeatable.
That's when financial services companies will begin to take them
seriously enough to consider that the pain of deploying new
infrastructure may overcome the pain of absorbing losses due to

These are just network effects: PKI will trickle through at the end
as surely as water runs downhill, because it's a better solution.
It's just going to take a decade or two, or maybe four or five
decades if there's a substantial monopoly somewhere in the industry.


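An added illustration of the certificate-less online model argued for in the message above; it is not code from the post or from X9.59. It assumes Ed25519 as the signature scheme, and the `Bank`, `Account`, and `Authorize` names and the payment string layout are hypothetical. The relying party verifies each signed payment against the public key already registered in its own account record, and closing the account takes effect on the next transaction with no revocation list to distribute.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Account is the bank's own record; the key is registered when the account is
// opened. A relying-party-only certificate would only repeat these two facts.
type Account struct {
	PublicKey ed25519.PublicKey
	Active    bool
}

type Bank struct{ accounts map[string]*Account } // the online relying party

var ErrUnknownAccount = errors.New("unknown account")
var ErrAccountClosed = errors.New("account not active")
var ErrBadSignature = errors.New("signature does not verify")

// Authorize checks a signed payment using only the account record on file.
func (b *Bank) Authorize(acctNo string, payment, sig []byte) error {
	acct, found := b.accounts[acctNo]
	switch {
	case !found:
		return ErrUnknownAccount
	case !acct.Active: // online status check; no CRL to distribute
		return ErrAccountClosed
	case !ed25519.Verify(acct.PublicKey, payment, sig):
		return ErrBadSignature
	}
	return nil
}

// Demo runs three cases on constructed sample data (not the X9.59 wire format).
func Demo() (valid, tampered, closed error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	bank := &Bank{accounts: map[string]*Account{"ACCT-0001": {pub, true}}}
	payment := []byte("acct=ACCT-0001;payee=MERCHANT-42;amount=19.95;seq=7")
	sig := ed25519.Sign(priv, payment)
	valid = bank.Authorize("ACCT-0001", payment, sig)
	tampered = bank.Authorize("ACCT-0001", append(payment, '0'), sig)
	bank.accounts["ACCT-0001"].Active = false // effective on the next transaction
	closed = bank.Authorize("ACCT-0001", payment, sig)
	return
}

func main() { fmt.Println(Demo()) }
```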