CFP: PKI research workshop

Lynn.Wheeler at Lynn.Wheeler at
Sat Dec 29 17:22:13 EST 2001

everyday life has a lot of cryptography ... for instance ... there is quite
a bit of cryptography involved in every debit transaction (every time you
get money from ATM machine or use point-of-sale terminal).

a lot of PKI revolves around the business process of strong authentication
.... where some aspects of cryptography happens to be used. A subset of
this saw extremely rapid uptake with regard to SSL and online shopping
(again quite a bit of cryptography in use, one might make a case that
cryptography should be like electronic dsitributors, everybody may have one
... but very few could actually build one from scratch or even know thay
actually have one). One might be tempted to make the observation that
uptake rate is much faster if it is filling a new need as opposed to trying
to change existing operation.

However, PKI industry seems to have tried to make public key cryptography
and certificates an "end in themselves". First off, certificates are a
solution to strong authentication in an offline environment (aka early '80s
offline email paradigm) which doesn't have a very good match to most of the
business processes that are in use today.

A PIN debit transaction involves the relying-party (the consumer's bank
both authenticating and authorizing the transaction .... authentication
based on something you have and something you know ... and authorization on
a combination of authentication, available funds, any previous transactions
today, the aggregate value of any current day transactions, etc). Digital
signature can improve the integrity of the existing PIN-debit based
operation and also expand the use to open/insecure network (i.e. the
existing PIN-debit is predicated on closed, secure network). This is what
NACHA (national cllearing house association ... aka typically regional and
national financial industry organizations that provide infrastructure for
bank-to-bank wholesale financial transfers) did in the debit demonstration
.... basically upgrading PIN-based cyrptography for authentication to
digital-signature cryptography for authentication (where a shared secret
paradigm ... aka PIN-base was replaced with a non-shared secret paradigm).

There was no certificate necessary ... and, in fact, certificates aren't
really about cryptography, there are more about a specific kind of offline
business process (which is having difficulty finding a niche in an
increasingly online world).

Furthermore, not only is the offline-paradigm certificate model having a
difficulty finding a niche in an online world ... the idea of a purely
authentication business process is possibly having trouble finding its
... referencing prior posting that most business tend to perform
authentication ... a cost overhead ... as part of some useful, productive
business process (not purely an end in itself)

One might envision a Monty Python Department of Authentication. Citizens
are asked to visit their local Department of Authentication every day,
state their name, and provide certificate/credential for proof of their
claimed identity. The Department of Authentication doesn't actually record
that they've prooved any identity and citizens aren't actually mandated to
show up. However, if the citizens do show up everyday to their local
Department of Authentication, it makes the DoA employees feel that they are
providing a useful service in the scheme of the universe (as well as
certificates/credentials that are voluntarily verified everyday are better
than ones that aren't ... something like pet rocks).

Now, an interesting thing might be regarding rapid uptake of general
security. One could contend that majority of the market believes that good,
strong security should be an attribute of the basic infrastructure ...
somewhat like the issue of automobile quality in the '70s, not going to pay
any more for it ... but would migrate to a manufactor that had
significantly better quality. You then have the 1) vendors that  don't see
quality as worth while since they won't be able to charge more 2) new
vendors that would like to sell "quality" as a stand-alone attribute ...
not actually having to manufactor automobiles .... but somehow convince
customers that they can sell quality independent of any product, and 3)
vendors that feel that they can eventually gain market share by providing
better quality.

Substitute "security" and/or "PKI" in place of "quality".

Part of the issue is that security (and strong authentication) should be an
attribute of the basic infrastructure ... not something that exists by
itself in a vacuum.

odlyzko at on 12/28/2001 6:54 wrote:

Several of the comments about the slow uptake of PKI touch on what
seem to be two basic factors that are responsible for this phenomenon:

1.  Cryptography does not fit human life styles easily.  As an example,
truly secure systems would stop secretaries from forging their boss's
signatures, and this would bring all large beaucratic organizations to
a standstill.

2.  Novel technologies take a long time to diffuse through society.
"Internet time" is a myth.  As just one example, a news story I just
read was about the great success of online bill paying.  This is all
very well and good, but weren't we supposed to have that a long time
ago?  As a matter of fact, didn't Microsoft try to buy up Intuit back
in 1994 largely in order not to be deprived of the possibility of
controlling online payments?  (I have two papers on this subject,
one a short one, "The myth of Internet time" that appeared in the
April 2001 issue of Technology Review, and a longer, more detailed
one, "The slow evolution of electronic publishing," published in
1997, that argue that consumer adoption rates are not noticeably
faster now than in the pre-Internet days.  Both are available on
my home page.)

Andrew Odlyzko

  -----Please note new address-----

  Andrew Odlyzko
  University of Minnesota
  Digital Technology Center
  1200 Washington Avenue South
  Minneapolis, MN 55415

  odlyzko at       email
  612-624-9510          voice phone
  612-625-2002          fax

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list