RE: PKI is the pits?

["Eugene Kuznetsov" <eugene () datapower com>]

> Correct; this is functionally the same thing as pre-exchanging
> secret keys - only the key is the cert and it's "authenticated" via
> a telephone call. This is still primitive cryptography, it's just
> using high-tech tools: kind of like using a CNC milling machine
> to implement a stone axe. In most of these cases, secret keys
> would work just as well, be easier to field, have less performance
> (network and compute) cost, and be much less complex.

I love the CNC -> stone axe bit! But I'm not quite ready to take as far as
to say it's no better than symmetric schemes. Indeed, I'd argue that it's an
example of "lightweight PKI" being quite valuable in real life. The reasons,
in brief:

1. security advantage over shared secret, including the fact that a leaked
cert cannot be used to impersonate the client

2. uses standards-based, very widely deployed SSL infrastructure

3. promotes use of good crypto (instead of non or rot-13)

4. has a path for pragmatic adoption of other PKI subsystems

> meaning. Am I the only person who finds it silly that public key is
> largely used to set up temporary pipes over which passwords are
> exchanged? There is definite value to this, but "the cool stuff" is

Well, both SSL & WS-SecureConversation do this, after all, getting a bulk
encryption key exchanged. I think the missing bit here is that for
authentication & audit, the value of X.509 cert vs. username/password
(perhaps with challenge-response) is unclear. 

The cool stuff is when you get to digitally signing documents, encrypting
fields, and so on. And we've had no decent standards for that until
recently... I argue that the two best thing for "cool PKi" (note small "i")
in the 21st century are probably Adobe Acrobat and XML DSIG & ENC. 

> > unfortunately, XKMS is not taking off as quickly as one might hope
>
> There has to be a reason why it isn't taking off quickly. 
[..]
> Do you have any sense of what might be going on there?

I think that a big reason are the market forces that you did such a great
job of capturing in your note. There is not enough "push" behind XKMS,
especially when compared to the (literally) 100's of millions of dollars
being spent on promoting web services, WS-*, and SAML. Many of the PKI
vendors have been devastated, and for those still in business, the
investment in new technologies has slowed greatly. Plus, as you point out,
they may be somewhat unsure of whether making PKI easier will be good for
business!

Meanwhile, new vendors (without a significant installed base) may have XKMS
implementations, but do not have the customers. (The only real push has come
from Verisign via Managed PKI services, but I think there are other --
non-XKMS -- barriers there). So insufficient "vendor push" is one.  

Another is that many of the existing systems work, all that HTTP-CRL,
copy-cert-and-try-again stuff we talked about earlier. So customers are not
necessarily looking to replace them with XKMS, at least not until there is
another wave of PKI rollouts.  

Contrast also with SAML, which is in many ways more ambitious, but has both
a lot of push and a lot of pull. 

                                                -- Eugene


\\ Eugene Kuznetsov, Chairman & CTO  : eugene () datapower com 
\\ DataPower Technology, Inc.        : Web Services security 
\\ http://www.datapower.com          : XML-aware networks   

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards