
Real Needs For Certificates

Carl Ellison, cme@cybercash.com, http://www.clark.net/pub/cme/nist-7-24/


Presentation Transcript


  1. Real Needs For Certificates. Carl Ellison, cme@cybercash.com, http://www.clark.net/pub/cme/nist-7-24/

  2. X.500 Model of the world [diagram; labels as extracted: Common Knowledge 3D NS X.500 Alice Bob Smith #56342 Bob X.509 cert Keyholder Signatures OS Message KA KB KS Access Challenge]

  3. SDSI Model of the World [diagram; labels as extracted: Private Knowledge 3D NS KA Alice Red Bob SDSI cert Keyholder Signatures OS Message KA KB KS Access Challenge]

  4. SPKI Model of the World [diagram; labels as extracted: 3D “type D” SPKI certificate “type S” SPKI certificate Alice Bob Keyholder Signatures OS Message KA KB KS Access Challenge SPKI certificate]

  5. Need For Law
     • Consumer protection: AVOID non-repudiation assumption until private key protection is real.
     • Bilateral EDI relationships might need to be witnessed, without requiring either company to become a licensed CA.
     • Walton’s Mountain isn’t found in NYC, much less on the Internet.
     • We need the Law to stop assuming that name = person = person’s attributes and deal with attributes of interest. [e.g., ATM card]

  6. Are We Taking Certs Too Seriously?
     • Some electronic commerce happens with no security at all, much less public key authentication.
     • Other EC uses public keys but no certificates, only ACLs.
     • Only mortgages and similar huge contracts require “subpoena” certs. Those are rare enough to be ignored.
     • Inter-business EDI is bilateral: ideal for SDSI or PGP with paper contracts.

     Cyberspace is a new society, not just a new tool for the 3D world. What does that society need and want? Do we know? Are we working to provide it?

  7. Real Certificate Needs
     • Authorization is the third leg of the stool.
     • Local names are needed for e-mail and some EDI, but mostly we need permissions granted to keys:
       • to use a credit card (e.g., SET cardholder)
       • to sign purchase orders, up to X amount, for company Y
       • to gain access through a firewall
       • to access web pages, subscribe to on-line magazines, etc.
       • to participate in _________ Anonymous Online
       • to participate in child-only chat rooms or newsgroups
     • Each permission has its own particular authority = issuer, probably not a CA and probably too small to license.
