Some thoughts on high-assurance certificates

Anne & Lynn Wheeler lynn at garlic.com
Mon Oct 31 12:13:26 EST 2005


Peter Gutmann wrote:
> And therein lies the problem.  The companies providing the certificates are in
> the business of customer service, not of running FBI-style special background
> investigations that provide a high degree of assurance but cost $50K each and
> take six months to complete.  The same race to the bottom that's given us
> unencrypted banking site logons and $9.95 certificates is also going to hit
> "high-assurance" certificates, with companies improving customer service and
> cutting customer costs by eliminating the (to them and to the customer)
> pointless steps that only result in extra overhead and costs.  How long before
> users can get $9.95 pre-approved high-assurance certificates, and the race
> starts all over again?

when we were doing this stuff for the original payment gateway ...
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.galric.com/~lynn/aadsm5.htm#asrn3

we had to also go around and audit some number of these relatively (at
the time) brand new organizations called certification authorities ...
issuing these things called digital certificates.

we listed a large number of things that a high assurance business
service needed to achieve (aka explaining that the certification
authority business was mostly a business service operation). at the
time, several commented that they were starting to realize that ... it
wasn't a technically oriented local garage type operation ... but almost
totally administrative, bookkeeping, filing, service calls ... etc (and
from an operational standpoint nearly zero technical content). most of
them even raised the subject about being able to outsource their actual
operations.

the other point ... was that the actual design point for digital
certificates ... were the providing of certified information for offline
relying parties ... i.e. relying parties that had no means of directly
accessing their own copy of the certified information ... and/or it was
an offline environment and could not perform timely access to the
authoritative agency responsible for the certified information.

as the online infrastructure became more and more pervasive ... the
stale, static, digital certificates were becoming more & more redundant,
superfluous and useless. in that transition, there was some refocus by
certification authority from the offline market segment of relying
parties (which was rapidly disappearing as the online internet became
more and more pervasive) to the no-value relying party market segment
... aka those operations where the operation could justify the cost of
having their own copy of the certified information AND couldn't cost
justify performing timely, online operations (directly contacting
authoritative agency responsible for certified information). even this
no-value market segment began to rapidly shrink as the IT cost rapidly
declined of maintaining their own information and the telecom cost of
doing online transactions also rapidly declined.

while the attribute of "high-assurance" can be viewed as a good thing
... the issue of applying it to a paradigm that was designed for
supplying a solution for an offline environment becomes questionable in
a world that is rapidly becoming online, all-the-time.

it makes even less sense for those that have migrated to the no-value
market segment ... where the parties involved that can't cost justify
online solutions ... aren't likely to find that they can justify costs
associated with supporting a high-assurance business operation.

part of the issue here is the possible confusion of the business process
of certifying information and the digital certificate business operation
targeted at representing that certified information for relying parties
operating in an offline environment .... and unable to perform timely
operations to directly access the information.

this can possibly be seen in some of the mid-90s operations that
attempted to draw a correlation between x.509 identification digital
certificates and drivers licenses ... where both were targeted as
needing sufficient information for relying parties to perform operations
... solely relying on information totally obtained from the document
(physical driver's license or x.509 identification digital certificate).
there was some migration away from using the driver's license as a
corollary for x.509 identification digital certificates ... as you found
the majority of the important driver's license relying operations
migrating to real-time, online transactions. a public official might use
the number on the driver's license purely as part of a real-time online
transaction ... retrieving all the actual information ... and not
needing to actually rely on the information contained in the driver's
license at all. it was only for the relatively no-value operations that
the information in the physical drivers license continued to have
meaning. any events involving real value were all quickly migrating to
online, real-time transactions.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com