Information Security News mailing list archives
PKI: An Ill-Fitting Artifact
From: Marjorie Simmons <lawyer () carpereslegalis com>
Date: Mon, 13 Nov 2000 16:27:37 -0500
Public Key Infrastructure: An Artifact Ill-Fitted to the Needs of the Information Society

By Roger Clarke
Visiting Fellow, Department of Computer Science, Australian National University

Prepared for submission to the 'IS in the Information Society' Track of the Euro. Conf. in Inf. Syst. (ECIS 2001), Bled, Slovenia, 27-29 June 2001

Version of 9 November 2000

http://www.anu.edu.au/people/Roger.Clarke/II/PKIMisFit.html

Abstract

It has been conventional wisdom that, for e-commerce to fulfil its potential, each party to a transaction must be confident in the identity of the others. Digital signature technology, based on public key cryptography, has been claimed as the means whereby this can be achieved. Digital signatures do little, however, unless a substantial infrastructure is in place to provide a basis for believing that the signature means something of significance to the relying party.

Conventional, hierarchical PKI, built around the ISO standard X.509, has been, and will continue to be, a substantial failure. This paper examines that form of PKI architecture, and concludes that it is a very poor fit to the real needs of cyberspace participants. The reasons are its inherently hierarchical and authoritarian nature, the unreasonable presumptions it makes about the security of private keys, a range of other technical defects, confusions about what it is that a certificate actually authenticates, and its inherent privacy-invasiveness. Alternatives are identified.

Contents

1. Introduction
2. The Perceived Need
3. Conventional Technology
   3.1 Digital Signatures
   3.2 Public Key Infrastructure
   3.3 The X.509v3 Standard
   3.4 The Hierarchical Model of Trust and Liability
4. Private Key [In]Security
5. Other Technical Weaknesses in X.509
6. What Assurance Does an X.509v3 Certificate Actually Provide?
7. Privacy Concerns
8. Alternative Models of Trust
   8.1 PGP's 'Web of Trust'
   8.2 SPKI/SDSI
   8.3 Stefan Brand's Alternative Certificates
   8.4 Reputation and Brand
   8.5 Nyms
   8.6 Trust Management
9. Conclusions
References

~~~~~
Marjorie Simmons, Esq.
lawyer () carpereslegalis com
http://www.carpereslegalis.com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".