Payments as an answer to spam (addenda)

[Peter Gutmann]

Anne & Lynn Wheeler <lynn at garlic.com> write:

>The transition to the online paradigm involved asking is the payment
>approved, nothing to do (directly) with the validity of any credential. 

Well, it depends on what it is you're asking.  In abstract terms the relying
party is querying an authority about the validity of some predicate p().  For
a credit card this might be p( can_debit_$1000_from ) (with an implied
expansion to is_account_in_good_standing, account_contains_$1000,
relying_party_is_allowed_to_debit, etc etc).  For an access-control-mechanism
this might be p( is_allowed_access_to ) (with a similar background expansion).
SPKI was an extreme form of this, making the predicates and predicate-
evaluation process very explicit, which from a techie's point of view made it
rather nice to analyse and work with.

In contrast, the only predicate an X.509 certificate can assert is the
tautological p( is_an_X509_certificate ).  So while the CC and access-control
systems are set up to handle dynamic information and thus can answer useful
queries like ones related to current account balances and an ability to pay a
given amount, the only thing you can do with a cert is query whether the
static information that was originally dumped in there is currently still
valid.  So all you can ask is (as you've said above) whether the credential is
still valid, because the design doesn't allow you to do anything else.

Now there does exist a red herring in the form of attribute certificates, but
they're merely an attempt to plaster over the cracks of X.509, and in any case
in their current form are an unproven hypothesis rather than a workable
solution.

>In general, there is almost nothing that you really want to put into some
>document that is going to be sprayed all over the infrastructure for
>everybody to examine. The original premise for X.509 was that there would be
>some information in the contents of the certificate, that a relying-party
>could take a look at for the basis of making a decision w/o requiring
>anything more .. like online access or previously obtained information. 

It wasn't even that, it was originally designed solely for use for user
authentication to the worldwide X.500 directory (something which is very
obvious in the structure of an X.509v1 cert), a problem that never eventuated.
It is quite literally a solution in search of a problem.  The difficulty in
applying it to any pressing real-world problem arises directly from its X.500
origins.

Unfortunately any attempts to fix this by switching to practical, widely-used
technology (e.g. dump X.500 DNs as identifiers, use online whitelist checking
instead of offline blacklists, move them around using HTTP instead of
X.500/LDAP, etc etc) so you can actually do something useful with the things,
is met with extraordinary resistance by the people writing the standards.  As
the quote on my home page says: "[PKI designs are based on] digital ancestor-
worship of closed-door-generated standards going back to at least the mid
80's. [...] The result seems to be protocols so convoluted and obtuse that
vendor implementation is difficult/impossible and costly".

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com