[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Designer Certs

Hi Phill,

>From: 	Phillip M. Hallam-Baker[SMTP:hallam@ai.mit.edu]
>Sent: 	Wednesday, February 11, 1998 8:50 PM
>To: 	Carlisle Adams; 'Rich Salz'; curtis_yarvin@geoworks.com
>Cc: 	cert-talk@structuredarts.com; spki@c2.net
>Subject: 	Re: Designer Certs
>>The lawyers sitting around the table will not pass around public keys
>>like they pass around business cards. 
>Why not? If it is going to take the $10K to negotiate each 
>agreement does it really matter if the implementation requires 
>ten minutes or ten seconds?

As soon as you find a lawyer who is willing to write a thousand-or-more
bits of random-looking data on a piece of paper, and another lawyer who
is willing to sit at a terminal and type those thousand-or-more bits
into the computer, you let me know  :-)

The public keys and resulting cross-certificates have to get from one
computer to another somehow and, believe me, I'd be surprised if this
doesn't happen electronically, at least in some environments.

>Exchanging the certificate is not the problem. The problem is
>deciding whether you want to do that, whether by doing so you 
>will discover you are taking on a huge liability you are unaware of.

Of course, but once that problem is solved you still have to do the
"easy" part of exchanging the certificate.  That's all the protocol is

>> This exchange will happen
>>electronically (probably after the paper documents have been negotiated
>>and signed by hand), so there needs to be an automated mechanism whereby
>>an electronic request for cross-certification is sent and an electronic
>>response (containing the cross-certificate) is returned.
>I still think you be putting cart before horse. 

You seem to have quite a non-standard definition of "before".  As it
says quite clearly above, *first* the human/legal/business stuff
happens, *then* the exchange occurs.

>I don't think that the existence or not of an automated mechanism
>makes any difference. I think that the critical misunderstanding
>that CMP is based on is the idea that decisions about forming
>business relationships involving trust are minor ones which can
>be handled cheaply at the administrative levels of an organization
>rather than a central preoccupation of mid and senior level

This paragraph makes it clear to me that you either haven't read or
haven't understood PKIX-CMP at all.  Firstly, CMP is a set of protocol
messages.  It is not exclusively about cross-certification (the
cross-cert request and response are two out of over 20 messages dealing
with all aspects of certificate life cycle and management), so to say
that it is based on some idea regarding forming business trust
relationships makes no sense whatsoever.

Secondly, and more importantly in this context, CMP is not based on this
idea in the least.  How business trust relationships are formed (and, in
particular, who in the organization forms them) is completely and
properly outside the scope of this document.  All this document says is
that once the relationships are formed (in whatever way), if it is
decided that keys and certificates will be exchanged electronically,
here is how you send the bits.

Perhaps you should read the document, or even talk with someone who has
read it, before deciding that it suffers from a fictitious "critical

>Pretty soon we arrive back at the idea of a public certification
>authority to manage public trust. Go to a public CA, get 
>notarized and you have a credential that is transportable.
>One does not need a mechanism to exchange certificates with
>public CAs, you read their CPS and decide whether to trust
>them or not. People have a vested interest in chosing a CA
>which is widely acceptable. This in turn is likely to keep the
>numbers down to managable proportions.
>In cases where there is no public CA which is acceptable,
>communities of interest will create one.

I have no doubt that you hope this is all true.  In your position how
could you possibly hope otherwise?

However, even if it was to become largely true, I can't imagine that it
would be true universally (i.e., for every single business working with
a PKI from now until the end of time).  For those businesses that choose
a different model, there should be some sort of standardized protocol
that they can use to move bits around.  CMP is trying to offer one.  Is
this so unreasonable?

Carlisle Adams
Entrust Technologies