[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-key-sharing

To: Bob Jueneman <BJUENEMAN@novell.com>, Bob.Smart@cmis.CSIRO.AU, cme@cybercash.com
Subject: Re: non-key-sharing
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 11 Nov 1997 22:56:14 -0800
Cc: spki@c2.net
In-Reply-To: <s46836d7.097@novell.com>

At 9:42 AM -0800 11/11/97, Bob Jueneman wrote:
>>
>>
>>I get the feeling that there is an underling assumption that key pairs are
>>a scarce resource.  This is certainly not true in the SPKI case, although
>>it may be in the more general digital signature realm.  In the banking
>>case, I specifically mentioned the assumption that the key pair used was
>>specific to the account.
>>
>>If key pairs are to be considered scarce, what technical and social steps
>>must we take to make them scarce?  If they are not scarce, then people who
>>want to "informally delegate" them have no incentive not to share them.  A
>>modest charge for a cert will only be a modest disincentive.
>>
>
>I don't think that the keys themsleves are scarce. Rather, it is that
>certificates are expensive, because of the administrative burden and
>liability implications of binding of the key to anything at all, whether an
>"identity" or a set of capabilities.  (I'm using the term certificate in the
>most generic sense, not tied to X.509 or any other format.)
>
>You can certainly make certificates inexpensive, but only by making them
>essentially worthless to the relying party.

What do you think the market charge will be?  $1.00?  $10.00?  $100.00?
$1000.00?

At the low end, you have a viable commercial system that consumers may buy
into.  At the high end, only businesses can afford it.

Going back to the example of the bank account signature keys, does it
matter to the bank (who is issuing the cert saying that key pair (Ks, Kp)
has signature authority over the account) whether (Ks, Kp) is unique to
that account, or the subject of an identity cert issued by the US Post
Office?

If the bank charges me $10.00/key pair for certification, it certainly
gives me incentive to share my secret key with my wife.  The higher the
charge, the greater the incentive.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA

Prev by Date: Re: non-key-sharing
Next by Date: Re: RE: non-key-sharing
Prev by thread: Re: non-key-sharing
Next by thread: Re: non-key-sharing
Index(es):
- Main
- Thread