A different Business Model for PKI (was two other subjects related to the demise of Baltimore)

Ed Reed ereed at novell.com
Fri Sep 26 09:38:31 EDT 2003


I've suspected that the pricing was set along a line of thinking that
goes like this...

1) work group and departmental networking managed to charge $100-$150 /
yr / user in exchange for making user administration, file and print
share access control management and other related identity management
functions (email) "easy" for Windows users.  That price model was
successfully set back in the NetWare 3 and 4 days, and has continued
pretty much to the current day.  It made sense because managing user
accounts and user desktops is really, really expensive in terms of
personnel costs.

2) PKI vendors looked at that and must have said - gee, if we can get
$100-$150/yr/user for managing identity around PKI certificates, why
shouldn't we?  And so they tried.  Some of their offerings, securing
VPNs, b2b file transfers, etc. were good, but things like S/MIME (really
just updated PEM) still aren't worth it, given how difficult it STILL
is, even with ubiquitous directories, to manage individual cert
lifecycles for users when personnel turnover approaches 30% per year.

3) the standards groups, PKIX in particular, still haven't addressed the
cert life cycle management issues, and neither has the market place, in
any coherent, interoperable fashion - they've got their hands full
getting simple things like LDAP storage of certs working right, and are
more interested in computing trust across arbitrarily long chains of
root CA cross certifications (bridges).

4) the PKI vendors' IPOs were based on the $100-$150/yr/user business
model

5) because of #3, customers wouldn't pay, resulting in the "shakeout"
in the industry

6) new markets for PKI, like companies who want to issue identity certs
to each of their customers, or manufacturers of, say, cable settop boxes
or mobile phones, who need end-point-authenticated out-of-the-box
self-registration and accountably securable connections for MILLIONS of
new devices / customers per year can't get the PKI vendors to budge on
their ridiculous price points, so they look elsewhere.

After some research, it appears to me that there's a tidy little
business possible for someone to break the mold.

Sell PKI software the same way you sell Manufacturing software - on the
basis of the size and complexity of your installation and its support
costs, not on the basis of the number of widgets you manufacture.

Price points between $0.002 and $0.20 per cert would allow someone
needing 20 million certs to buy for $40K - $4M, depending on how much
integration complexity they have.  Add-on sales for insurance and
warranty (for loss of business coverage) and high assurance operational
costs they need to cover their own liability would be extra.  Certs need
not expire very quickly - these are identity certs that can last as long
as the device / policy holder lasts, or until technology makes them
obsolete.  I wouldn't even price it per cert, but you've got to have the
comparison available to show the difference.  The point is that $1M-$4M
is well within reason for many of these kinds of applications, but $100
x 20M = $2,000M isn't.  To be fair, vendors in discussion for these kinds
of applications appeared to be willing to "come down" to $40M or so, or
about $2 per cert per year - still an order of magnitude too much.

The business profits come from charging for consultant aided integration
of the key generation (where key escrow is desired) and certificate
signing requests into order processing and manufacturing operations, so
that chips or customer databases are populated with identity information
when the device is manufactured.  Registration occurs when the device
comes alive and contacts its pre-configured service depot at power up to
receive configuration / customer policy information customized for its
use.  Or when the policy holder connects to the customer portal and
authenticates via password / pass phrase / policy information knowledge
(the same way registration for phone access to policy information is
provided today).

Using PKI in these applications is completely different from the S/MIME
model, but addresses real business needs.  It allows out-of-the-box
strong authentication of devices at power on (assuming network
connectivity).  That provides for a whole new raft of delivery chain
customer service and provisioning solutions that are really cumbersome,
today, without PKI.  For customer databases, it allows the vendor to use
PKI-based authentication from portal servers into back-end systems (you
really, really don't want to think about provisioning 20,000,000
consumers' browsers with personal certs, do you?  Why, do you own a
customer support phone bank needing work?) while supporting smart card
and other stronger authentication into the same back end systems for
administrators and customer support folks, with full accountability
(auditability) and separation of duties based on the strengths of the
authentication / cert key protection (documented by the CAs who issue
the certs based on the key protection and strength mechanisms).

And note something else - this volume of cert usage is all within single
companies so there's no cross certification issue at all!  It can easily
be deployed under a single root CA, so if the cross certification trust
routing algorithms ever progress beyond the moral equivalent of RIP (or
even RIP2) you can discuss broader uses.

The point is that the PKI world has ignored gigantic opportunities for
deployments while chasing after what are ultimately ungrateful markets -
email certs.  Big companies can't go after this business, though - it's
lower margin, because it's commodity-oriented, and there's still
substantial investment needed to create the scalability needed in OCSP
and CRL processing, just for instance.  But it ought to be a nice
business for someone able and willing to crack the egg and introduce a
different business model altogether for PKI solutions.

I tried to interest some VCs in the approach, but it was right before
and after 9/11 and people's heads were somewhere else.

Anyone care to make a go of it?  If we start now, we ought to have a
nice little company to pay for my/our retirement in 15-20 years...5 yr
IPO exit strategists need not apply.

Ed
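
The manufacturing-time issuance and power-on registration flow Ed describes above, as an added example that is not part of the original post and not any vendor's product code: one in-house root issues long-lived device identity certs from CSRs generated on the production line, and the service depot authenticates a device at power-up by chaining its cert to that single root and checking a signature over a fresh nonce. The key type (Ed25519), the CA and depot names, the validity periods in years and the serial "SN-000001" are assumptions chosen for the example; the `CA`, `Device` and `Depot` types are illustrative, not a real provisioning API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is the company's single in-house root: one issuer for every device, so no cross-certification.
type CA struct {
	Key  ed25519.PrivateKey
	Cert *x509.Certificate
}

// Device is what leaves the factory: a key generated on the line plus a long-lived identity cert.
type Device struct {
	Key     ed25519.PrivateKey
	CertDER []byte
}

// Depot is the pre-configured service endpoint a device contacts at power-on; it trusts one root.
type Depot struct{ Root *x509.Certificate }

// must aborts on setup failures (key generation, DER encoding); only Register returns an error.
func must(err error) { if err != nil { panic(err) } }

// NewRootCA builds the self-signed root; validity is in years (assumed), since these certs outlive web certs.
func NewRootCA(name string, years int) *CA {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(years, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return &CA{Key: key, Cert: cert}
}

// IssueDeviceCert is the manufacturing step: generate the device key, build a CSR naming the serial, sign.
func (ca *CA) IssueDeviceCert(serial string, years int) *Device {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: serial}}, key)
	must(err)
	csr, err := x509.ParseCertificateRequest(csrDER)
	must(err)
	must(csr.CheckSignature()) // proof of possession: the CSR is signed by the device key
	serialNum, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: serialNum, Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(years, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.Key)
	must(err)
	return &Device{Key: key, CertDER: der}
}

// Challenge issues a fresh nonce so a captured response cannot be replayed.
func (d *Depot) Challenge() []byte { b := make([]byte, 32); rand.Read(b); return b }
// Respond is the device side: sign the depot's nonce with the key burned in at manufacture.
func (dev *Device) Respond(nonce []byte) []byte { return ed25519.Sign(dev.Key, nonce) }

// Register accepts a device only if its cert chains to the depot's single root and the key in
// that cert signed this nonce; the cert's CommonName is then the authenticated device identity.
func (d *Depot) Register(certDER, nonce, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(d.Root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted device cert: %w", err)
	}
	if err := cert.CheckSignature(x509.PureEd25519, nonce, sig); err != nil {
		return "", fmt.Errorf("challenge not signed by cert holder: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca := NewRootCA("Example Device Root", 20)
	dev := ca.IssueDeviceCert("SN-000001", 15) // constructed serial, not a real device
	depot := &Depot{Root: ca.Cert}
	nonce := depot.Challenge()
	fmt.Println(depot.Register(dev.CertDER, nonce, dev.Respond(nonce)))
}
```

Two things about the shape of this. Trust is decided by one `Roots` pool holding one certificate, which is exactly the "single root CA, no cross certification" situation the post describes; a cert from any other issuer fails `Verify` before its signature is even looked at. What the example leaves out is the part the post flags as the real scaling investment: revocation. A depot fielding millions of power-on registrations would also need to consult a CRL or OCSP responder for the device cert, and that lookup path, not the signature check, is where the volume lands.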
>>> Peter Gutmann <pgut001 at cs.auckland.ac.nz> 9/25/2003 5:24:48 PM >>>
Ed Gerck <egerck at nma.com> writes:

>PRICING STRATEGY: CAs should keep their prices high and find ways to add
>price to current products (eg, offering insurance, different certificate
>classes, benefits for CRL access, etc.) -- because the potentially
>difficult mid-term future of such business imposes the need for a large
>ROI in a short time. This is probably not a long-term business activity.

Actually there's a second aspect to this as well: Verisign's managed PKI
services.  The idea here is that since PKI (specifically, the X.509 PKI
model) is too hard for any normal person or organisation to handle, you
charge people an enormous amount of money to run their PKI for them.  You
end up talking to a Verisign cloud that acts as an authorisation oracle
("Is this thing OK?" - "Yep, go ahead"), although exactly why you need a
PKI for this rather than (say) a basic challenge-response protocol to
query the cloud is unclear (maybe it's a fashion thing, or an in-joke
that no-one's let me in on).  As a moneymaking racket, it's second only
to the "make the browser warning dialogs go away" one: First you create
an unworkable PKI design (although Verisign didn't do that, they're just
taking advantage of it), then you charge people buckets of money to run
it for them (and in terms of money-earners, it leaves the $495 server
certs in the dust - it's sort of like a PKI-DNS service, except that you
pay 5-6 figure sums for your name/key registration).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com
