Interesting People mailing list archives
IP: Broadband, Chip, ICANN, Global PKI, same story?
From: Dave Farber <dave () farber net>
Date: Fri, 28 Jun 2002 16:07:22 -0400
------ Forwarded Message
From: Peter Bachman <peterb () cequs com>
Organization: Cequs Inc.
Date: Fri, 28 Jun 2002 14:27:17 -0400
To: farber () cis upenn edu
Subject: Broadband, Chip, ICANN, Global PKI, same story?

Frank Ferrante wrote:

The Internet Engineering Task Force (IETF) is working diligently on methods to implement a global PKI operation. Their biggest hurdle is how best to provide "Trust" that the certificates linked to Domain Names and IP addresses is capable to be supported by the process. If they succeed and if Microsoft, with the call to Intel and its Chip competitor to move out and do this now, is listened to (I don't own any Microsoft but I do own Intel), then the demand for the new computers with security built in will drive sales through the ceiling.

Caveat Emptor. Those following the ICANN meeting in Bucharest will notice the same consistent themes of intellectual property, media content, openness or lack thereof, digital rights management, interests in global naming, and the need for uniqueness within any naming or numbering system. In fact this is how ICANN states its position of being responsible for "uniqueness".

"Specifically, ICANN coordinates the assignment of the following identifiers that must be globally unique for the Internet to function: Internet domain names, IP address numbers, protocol parameters, and port numbers"

As such the IETF PKIX roadmap notes (and others have also stated the same thing) that the lack of effective global directory (X.500/LDAP) naming is one factor in holding up to some extent "the process".

Thus we have various struggles for legitimacy in naming. Or the battle over unique identifiers. Especially when naming translates to some form of management or control, in terms of identity, or objects, and not just a way to locate something.

I think the fact that most companies have ignored .biz is somewhat instructive, a lot of them just registered that had .com already. The potential of new GTLDs may represent potential income streams for the providers, but obviously the message is some form of control, either from the standpoint of the individual, a corporation, or government. A new GTLD will not help you integrate your enterprise business software; consistent identity, combined with strong authentication and authorization, will.

Putting identity (especially secure identity) onto the back of the DNS horse is a burden which has never quite fit, when there are other protocols which do it better. Secure DNS is hard enough just in itself.

The IETF PKIX roadmap is useful reading for more background info. http://www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-08.txt

DNS had nothing to do with original idea of certificates...in the design of X.509. But DNS is pervasive and works.

X.500/LDAP style naming is there because that's the design. What see is a convergence of interests, occurring way above the level of the consumer, which may or may not affect their ability to actually do something useful. Does the average consumer care who runs the root servers? Would they care if they could not reach someone and that "universality of service" was balkanized?

Browsers will enforce to some degree what is, and what is not a "valid" certificate. But functionally, what's important is that it turns on the crypto...and secondarily it attempts to validate, or presents to the consumer the choice as to whether the information is in fact valid. I wonder how many people have actually ever looked at the expired certificates in their key store? Thus is the individual a good gatekeeper for their own computer? Some corporations will not allow you to manage certificates on your own browser.

For PA residents, we can renew our car registrations on-line (a great time-saving service of e-government). Recently I was presented with an invalid certificate, from a CA's "Trust Network", and it was largely blank in the required attribute fields. However, as a consumer, I clicked through anyway, because it was about to expire, and I didn't want the problem of having an expired car registration. Now this is an "official" document, a fairly important one, for what it ties together, insurance, fiscal responsibility, and identity for my car's VIN, title, etc. to the state's computer system, and related LE functions. There was a comment field which I noted to them they presented an invalid certificate in the consumer survey. I don't expect a reply.

But as a consumer, I have my registration. So does it matter? I care in terms of higher insurance costs if it promotes fraudulent claims... I care in terms of potential identity theft, I care about spoofed spam, and web sites. If I can get to a site via DNS do I care? If the crypto works, so much the better?

As technologists, we care if these things work correctly, because we realize that otherwise it's a house of cards, and the "trust" collapses. The collapse of service providers is not a non-trivial event. When companies invest heavily in new technology, and useful technology they deserve a payback. That was the idea behind growth in productivity. There's an implicit promise of progress. It's not all Darwinian market forces. As Franklin noted, we need to be very concerned as to the pursuit of "useful knowledge" to keep our economy going. And we are awash in it.

There's nothing wrong with a secure chip, it's a useful technology, but we can't divorce technology from the business climate, or the legal environment. And whether we want that level of enforcement at the processor level (one ring to bind them) is something that consumers will have to carefully consider, as well as their choice of gatekeepers.

-pb

----------------------------------------------------------------------------
peterb () cequs com
cn=peter bachman o=cequs inc. c=US
Peter Bachman
Cequs Inc.
----------------------------------------------------------------------------

------ End of Forwarded Message

For archives see: http://www.interesting-people.org/archives/interesting-people/