A mighty fortress is our PKI, Part II

Pat Farrell pfarrell at pfarrell.com
Wed Jul 28 23:52:56 EDT 2010 

On 07/28/2010 08:44 PM, Steven Bellovin wrote:
> When I look at this, though, little of the problem is inherent to
> PKI.  Rather, there are faulty communications paths.
> 
> You note that at t+2-3 days, the CA read the news.  Apart from the
> question of whether or not "2-3 days" is "shortly after" -- the time
> you suggest the next step takes place -- how should the CA or Realtek
> know about the problem? 
> [snip]
> The point about the communications delay is that it's inherent to
> anything involving the source company canceling anything -- whether
> it's a PKI cert, a pki cert, a self-validating URL, a KDC, or magic
> fairies who warn sysadmins not to trust certain software.

While I'm quoting Steve, his comment really drives me to a bigger break.

I'd like to build on this and make a more fundamental change. The
concept of a revocation cert/message was based on the standard practices
for things like stolen credit cards in the early 1990s. At the time, the
credit card companies published telephone book sized listings of stolen
and canceled credit cards. Merchant's had the choice of looking up each
card, or accepting a potential for loss.

A lot of the smart card development in the mid-90s and beyond was based
on the idea that the smart card, in itself, was the sole authorization
token/algorithm/implementation.

How about we posit that there is networking everywhere? People carry
"cell phones" that are serious computers and are connected to serious
networks.

When was the last time you used a paper Yellow Pages?

How about thinking of a solution that addresses 98% of all transactions
for 98% of all people in the places where 98% of business is done. At
some point, the perfect is the enemy of the good. If you have a selling
hut in the middle of nowhere, well, you probably don't have a lot of
computer power either. So calculating to do an RSA signature is out of
the question anyway.

A risk based approach would have an algorithm that looks at the value of
the transaction. Buying a meal at a fast food place is not worth a lot
of effort, so the definition of "shortly after" can be a second or so.
Buying new 3D TV can have a longer time, with the time allowance, and
expected/acceptable response time, perhaps time for automated actuarial
analysis. When you are signing a contract to buy a house, you can take a
day to verify that everything is proper.

We have fast computers and ubiquitous networking. Why are we still
thinking about systems based on 3 inch think paper books?

We seem to be solving a problem that no longer exists when you look at
it from first principals.

Pat

-- 
Pat Farrell
http://www.pfarrell.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list