[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: National CA?

>I am doing a research on CAs' and  would like to enquire if there are
>implementations of a National CA in any other countries apart from
>I am refering to any CA implemetation initiated by the Government and
>not any commercial implemetation.
>Thank you.

As far as I know, there are no other national CAs implemented.  Even
the German government, after its recent Digital Signature law, is not
planning to implement a national CA.  Instead, they will license
private companies as CAs.

Meanwhile, our work on SDSI and SPKI has caused us to question the
wisdom of building a national (or worse, global) public key directory.
There are many problems with directories mapping names to public keys.
The bigger the directory gets, the more problems.  Traditional
approaches to (name,key) certification show signs of failing for a
number of reasons:

1. The Internet contains too many names, too close together, for a
national name directory to be useable with assurance that you have
identified the correct person.  You might need a secure channel to the
person in order to ask him or her what his or her name is -- but the
purpose of the PK directory is to let you establish that secure
channel in the first place.  If you have a secure channel to the
other person, then you don't need the PK directory.

See: http://www.clark.net/pub/cme/html/usenix.html for a way to
establish secure connections without such directories, if you are
connecting to an old friend.

2. Unique names over a nation (or the whole Internet) are too long to
be used conveniently in an Access Control List (ACL), especially if
you use X.400 style names.

3. A directory of company employees, which gets published as a part of
a national or global PKI, is usually considered company secret
information.  Therefore, it is unlikely that company employees would
be found in such a directory -- identified with their company, that
is -- but that is one of the announced purposes of this directory.

4. For secure e-mail between friends or co-workers or for EDI among
businesses which already have bi-lateral cooperation agreements, it is
far more secure and simpler (and inexpensive) to avoid certificates
issued by some national or global PKI and instead transfer public keys
directly between the parties involved, as is implemented and working
already with PGP. This becomes especially secure if the individuals
generate SDSI certificates for these bi-lateral relationships.

5. For e-commerce between strangers (ie., those not covered by the
previous point), the customer and merchant will most likely not have
met in the physical world and be likely never to meet, so their names
are as irrelevant as the name on an ATM card. [My ATM card has no name
or signature space, by the way.] Instead, we need certificates like
those defined for SET which attach a permission to a public key (e.g.,
the permission to use a specific credit card or the permission for a
merchant to accept credit cards of a given brand).  SPKI provides
such certificates.

6. To give consumers assurance when dealing with well known
corporations, there is a need for a certificate tying the registered
trademark(s) of the company to the company's key(s), but such a
certificate is not part of a phone-book-like directory containing
consumer names and should probably be issued by government
organizations like the USPTO rather than some hierarchy of Trusted
Third Parties.


See: http://www.clark.net/pub/cme/html/spki.html for more on this
alternative certificate work.

 - Carl