April 12, 2005

GeoTrust says existing PKI practices are worthless

GeoTrust published a three-part attack on the current certification practices that leave users unprotected and wide open to phishing (Exec Summary, shots of Opera being spoofed, and a white paper). In essence, they say that current vetting procedures (which they call first generation) are easy to foil. In particular, Opera's display of the company name on the chrome is flawed, and will actually make matters worse, as that information is not and has never been reliable.

Simply because, they say, it's never been relied upon! So all sorts of garbage gets in there, something I discovered today when my newly installed TrustBar said that the name for www.DnsMadeEasy.com was Tiggee! Where did that come from?

GeoTrust's solution is that the browser should display both the domain name, being:

"the only piece of data in a digital certificate that's confirmed, guaranteed to be unique, and is registered with an official public domain registry,"

and also:

"The name and logo of the CA who issued the certificate. Consumers will soon learn from news reports which CAs to trust and which CAs use sloppy procedures and should not be trusted."

Hallelujah to that! OK, so now a well known CA has broken ranks and revealed the awful dirty truth behind the PKI. It sucks. It's useless. What are we going to do about it? Or more importantly, what are the browser manufacturers going to do about it?

Watch this space...

Posted by iang at April 12, 2005 07:48 PM
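
As an added illustration (not code from GeoTrust, TrustBar or this post), the example below contrasts the two display policies discussed above: the "first generation" label taken from the certificate's subject organisation field, and the proposed label built from the matched domain name plus the issuing CA. It assumes a certificate already parsed into the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names are hypothetical and the issuer in the sample is a placeholder.

```python
# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Subject organisation and domain are the ones named in the post; the issuer
# is a placeholder, not the CA that actually issued that certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Tiggee LLC"),),
                (("commonName", "www.dnsmadeeasy.com"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA Root"),)),
    "subjectAltName": (("DNS", "www.dnsmadeeasy.com"), ("DNS", "dnsmadeeasy.com")),
}

def name_attr(name_field, key):
    """Return the first value of `key` in a getpeercert()-style name, or None."""
    for rdn in name_field:
        for k, v in rdn:
            if k == key:
                return v
    return None

def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host

def cert_domains(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        cn = name_attr(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    return names

def first_generation_label(cert):
    """The criticised display: the subject organisation field, shown as-is."""
    return name_attr(cert.get("subject", ()), "organizationName")

def proposed_label(cert, requested_host):
    """Domain plus issuing CA, or None if the cert does not cover the host."""
    domains = cert_domains(cert)
    if not any(host_matches(d, requested_host) for d in domains):
        return None
    ca = name_attr(cert.get("issuer", ()), "organizationName") or "unknown CA"
    return f"{requested_host.lower()} (certified by {ca})"
```

For the sample, the first label is the organisation string that puzzled the author, while the second shows the domain the user asked for and who vouched for it, and yields nothing at all when the certificate does not cover the requested host.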
Comments

somewhat related posting on the subject earlier today:
http://www.garlic.com/~lynn/2005f.html#20

part of the issue with generalized 3rd party certification authorities ... is what should they go about certifying (and putting into a certificate) that might be of some use for future relying parties.

in the early 90s ... there was the idea of x.509 identity certificates. however it wasn't necessarily known what all future relying parties might find of use ... so there was a tendency to put more and more information in, grossly overloading certificates with privacy information.

in the mid-90s ... there started to be some awareness that such certificates represented extreme privacy and liability issues ... and there was some retrenchment to relying-party-only certificates. however, it is trivial to show that relying-party-only certificates are redundant and superfluous
http://www.garlic.com/~lynn/subpubkey.html#rpo

finally there is the whole issue that digital certificates design point were for offline relying parties that had no previous contact with the originating party and had no recourse to any (other) information about the originating party (other than what was provided by a possible digital certificate ... i.e. the paper letters of credit paradigm from the sailing ship days).

that market niche is rapidly disappearing in the pervasive and ubiquitous online world.

what is primarily left are the no-value business processes that can't justify the high quality and more valuable online, real-time information ... and resort to the offline digital certificates (as being less expensive). however, no-value business processes can't hardly justify the expenses associated with any high assurance and high integrity certification processes.

Posted by: Lynn Wheeler at April 12, 2005 09:51 PM

Lynn,

I have it on good authority that nobody in the SSL or CA world understands what you are saying. Which is just as well as otherwise they would just shoot themselves in a fit of depression.

Still I think there will always be some enduring value for the larger sites to go for something akin to identity certificates. But their usage is so asymmetrical and so small it doesn't justify the huge effort put into SSL and PKI; only if we can get more usage at the zero and low-cost ends does the investment get justified.

Posted by: Iang at April 12, 2005 10:00 PM

In the vast majority of cases, if I care about the real-world identity of my communication partner (such as my bank), I also have a means of exchanging keys with them in a reliable fashion. For example, when I visit the branch.
Otherwise, I usually only care about my partner being the same as last time. In which case opportunistic key exchange is the way to go.
Thus, I have barely any reason to turn to a CA for establishing a communication partner's identity.

As far as certs of domain names go, I do not understand why we don't get one automagically when registering domains. After all, the registrar must vouch for our ownership of the domain anyway. Why not do it in a digital form? And what can a CA that is not a domain name registry certify? They can check the registry all right, but so can anybody else.

In Eastern Europe, the CA business is the hotbed of corruption. I have a sneaky feeling that it is not much different in other parts of the world, it's just people are less honest about it to themselves and each other.

Posted by: Daniel A. Nagy at April 12, 2005 10:38 PM

I can never understand what Lynn is saying either, between all those ellipses and pointers to irrelevant lists of posts. If he would learn to use capital letters and periods, and make his messages self-contained, then he might have a better chance of being heard. If his message is one that people don't want to hear, there is no reason to insert additional barriers by writing incomprehensibly.

Posted by: Cypherpunk at April 14, 2005 02:24 PM

The countermeasure seems to be a similar solution, which Herzberg and Gbara proposed last year. They call it TRUSTBAR!

Good idea - unfortunately, not new!

Posted by: Sebastian at April 15, 2005 07:13 AM

So in quoting Tiggee as an example you've proven the point of why you need a cert that has the details inside.

"DNS Made Easy is a revolutionary service operated and designed by Tiggee LLC, a leader in the Internet industry"

If it were a domain cert you'd have no idea who was behind the site. At least now you have confidence that the Cert Auth has checked out Tiggee and they exist.

;-)

Posted by: Dave Jones at April 23, 2005 12:35 PM

Hey Dave,

I proved nothing like that, you just turned the case for cert information into its own proof, entirely circular.

Read what I wrote above: I commented on the odd name. But, I didn't then say the cert was unusable; in fact I've been relying on that cert for some time for domain stuff.

How could I possibly rely on that cert? Well, I did some other checks, and keep doing other checks: they seem to do DNS and they keep doing DNS; I literally have no interest at all who is behind the site (Tigger, Poo Bear or any one of a thousand other children's characters is fine by me) as long as they keep doing my DNS!

It may be that the security industry is impressed with bed-time stories about how an identity cert will save us from fraud, but in the adult world, companies like an LLC in Delaware in the name of Tiggee are $100 a pop, and a cert in that name would then be $30 more. All totally legal.

Gee, now that I think of it, I know where I can get a fully legal entity for about $60. I suppose we could start a competition in the cheapest fully legal non-fraudulent identity-based SSL cert in a dodgy name?

Posted by: Iang at April 23, 2005 01:11 PM