
Re: Designer Certs



>>Another camp says, this is the area where humans have to enter,
>>where trust is going to be established in long meetings with lots
>>of lawyers sitting round the table.
>
>It seems to me that the two "camps" you describe are really the same
>people sitting in the same campground.  The only thing the first camp is
>saying (as far as I can tell) is that once the humans have entered, once
>the trust has been established in long meetings, there is a need to
>define a bits-on-the-wire protocol so that the certification can
>actually take place.


I don't think that the protocol you describe is necessary. My 
experience of such negotiation suggests that such negotiations 
are likely to be long and expensive, even for a simple bilateral
deal between two CAs. 

Think about negotiating an EDI exchange agreement as a likely
cost base - last I heard those still cost about $10K a pop. 
Interdomain CA certification is much more complex since
the first thing you are going to have to do is educate all the
company lawyers about what PKI is and what to be worried about.

>The lawyers sitting around the table will not pass around public keys
>like they pass around business cards. 

Why not? If it is going to take the $10K to negotiate each 
agreement does it really matter if the implementation requires 
ten minutes or ten seconds?

Exchanging the certificate is not the problem. The problem is
deciding whether you want to do that, whether by doing so you 
will discover you are taking on a huge liability you are unaware of.


> This exchange will happen
>electronically (probably after the paper documents have been negotiated
>and signed by hand), so there needs to be an automated mechanism whereby
>an electronic request for cross-certification is sent and an electronic
>response (containing the cross-certificate) is returned.


I still think you are putting the cart before the horse.

I don't think that the existence or not of an automated mechanism
makes any difference. I think that the critical misunderstanding
that CMP is based on is the idea that decisions about forming
business relationships involving trust are minor ones which can
be handled cheaply at the administrative levels of an organization
rather than a central preoccupation of mid and senior level
management.


In practice there has to be some means of simplifying the 
agreements. That will in most cases entail some form of
standardization of certification practices. 

Furthermore it is cheaper for a specialist to do this than it 
is for a non-specialist, even for a single time since they will
presumably have built up experience and infrastructure to
streamline the process. Should Citibank decide to make a
practice of issuing cross certificates via CMP are they going 
to insource or outsource that activity? My guess is outsource
as they do with credit data.

In any case what business model is that activity going to follow?
Where is the profit to any organization allowing their senior
level management to be tied up in an endless series of cross 
certification deals? Surely it is easier for an organization to
require anyone who does business with them to be recognized
by an acceptable third party?

Pretty soon we arrive back at the idea of a public certification
authority to manage public trust. Go to a public CA, get 
notarized and you have a credential that is transportable.

One does not need a mechanism to exchange certificates with
public CAs, you read their CPS and decide whether to trust
them or not. People have a vested interest in choosing a CA
which is widely acceptable. This in turn is likely to keep the
numbers down to manageable proportions.


In cases where there is no public CA which is acceptable,
communities of interest will create one. 


            Phill


