[cap-talk] Dispending the rights of the user

Jed at Webstart donnelley1 at webstart.com
Tue Dec 14 18:45:08 EST 2004

At 05:19 AM 12/13/2004, Ian Grigg wrote:
> > At 01:19 PM 12/11/2004, David Hopwood wrote:
> >>Valerio Bellizzomi wrote:
> >>>Yes, the principle is clear. Programs MUST NOT have the rights of the user.
> >
> > I hope we are all in agreement on the above.  I agree that this base ability
> > for some sort of POLA (rather than ambient user access) is so fundamental
> > to achieving any sort of security in computing that we must push very
> > hard to achieve this.  Without some facility along the above lines I despair
> > of ever achieving reasonable security/integrity in computing as the continued
> > threat from various forms of Trojan horse seems otherwise pretty
> > insurmountable.
>I'm curious about this (but fundamentally in agreement).
>There is an alternate school of security known as the PKI
>or CA style of approach:  give every user a key, have a
>TTP attest that the key is the individual, and then use the
>key for all transactions.

I don't consider such a school where I interpret your acronyms
above as "Public Key Infrastructure" and "Certificate Authority"
and "Trusted Third Party" as in any sense an 'alternate'.
That is I see no conflict between the two schools and perhaps
some synergy.

The idea of PKI/CA/TTP is to use it as a means to identify
subjects such as human users, server systems, etc. in
such a way as to validate their identity.

>Many many flaws have been observed with this notion [1]

I agree with the above, even though I think PKI (perhaps I
should say public key or asymmetric encryption) is potentially
an incredibly useful technology.  In my view the character of
the technology got somewhat turned on its head with the
TTP part of the equation where organizations like Verisign
went into the business of being such "Trusted Third Party"s.
I believe most (perhaps all?) legitimate uses of PKI don't
require a Trusted Third Party - but that's another story.

>but it seems that one could say that PKI not only breaches
>POLA but reverses it.  Would it be fair to say that?

I don't believe so.  I don't believe PKI breaches or reverses
POLA.  In my opinion PKI simply serves to aid in establishing
the identity of a subject during network communications.
That can be useful in contexts that support POLA and
in contexts that don't.

For example, a public key mechanism is used on a per
process basis in the "capability" communication
mechanism that I describe here:


I use the term 'capability' in quotes above because I'm not
sure that everybody would agree that communication is
actually communicating the sorts of rights that they would
regard as "capabilities".  Still, regardless of the terminology,
the public key mechanism is used on a per process basis to
support access rights in support of POLA in that mechanism.
I do call it capability communication and so far continue to
support the use of that term in such a context.

>If so, then one could predict that anything arguing for or
>against POLA argument would likely be arguing against
>or for, reversed respectively, for PKI.

As I say I don't see any conflict and I do see support
between the two technologies.

>(In which case I might have found a new section for the
>working paper, below.)
>[1] I've collected a few here: http://iang.org/ssl/pki_considered_harmful.html

Interesting.  I just read over your document.  I guess this is more
somewhat off topic communication on this list, but ...  I'll go ahead and
react to the above document:

R.e. the Business Case.  I believe the business situation with regard
to PKI and TTP is broken almost to the point that it could be considered
extortion.  Perhaps there was good intent at the start of this process
(e.g. in about 1995 I recall some of the early meetings on this topic
and some of the technical enthusiasm for it), but I believe it has gone
seriously wrong.

The biggest part of the problem I believe is that in general for SSL
Web hosting (the biggest market for certificates I believe?  At least
for server certificates - perhaps not for personal certificates) there
is no need for trusted third party verification.  That is, it makes
very little difference if my communication with the Web site:

https://www.bigco.com/  is in fact with Big Corporation as listed
in Dun and Bradstreet or with some other organization that
happens to own the bigco.com DNS name.  The one case where
there might be a legitimate use for such certificate/organization
binding would be if somebody were to spoof the DNS or IP
address of bigco.com (presumably temporarily or locally).  I
don't believe the existing PKI/CA/TTP actually helps significantly
in this regard, though I consider the point debatable.  In general,
however, I think people don't know one bigco from another and
don't really care as long as their communication to the site
is encrypted - which happens whether Verisign investigates
the Dun and Bradstreet number or not.

The above comment ties into what you refer to as Reliance,
Key validation, and Costs.  R.e. costs and your comment
about US government costs - I see no reason to have some
trusted third party put a stamp of approval on things like
a NASA or DOE or ... site.  I know the DOE ESnet folks
have a mechanism for distributing server and persona
certificates.  As yet they haven't gotten their Certificate
Signing Authority on the default list for any popular browsers.

Regarding "Expiry and Key Revocation" and comments like
"you may as well do online verification, and dispose of certificates
altogether" - is that comment limited to personal certificates or
is it addressing server certificates as well?  I believe the arguments
you mention from Rivest and others apply to personal certificates,
but I'm not sure they apply to server certificates.

R.e. the X.509 discussion, e.g. "It <X.509> is quite literally a solution
in search of a problem."  What about X.509 certificates for Web
server SSL use?  While I don't agree with the need for the
Trusted Third Party and especially the extortion that goes along
with it, the certificates themselves do seem to function well.

One other thing that I think should be mentioned in this
context is a comparison between the Trusted Third Party
approach to a Public Key Infrastructure and the PGP/GPG
sort of "Web of trust" approach.  If you are going to criticize
PKIs, it seems to me you should criticize all of them or
except those not being criticized.  Many of the arguments you
raise I believe don't apply to Web of trust PKI.

Interesting use of the word "dispending".  Dispend: 'To spend; to
lay out; to expend'.  Doesn't seem to quite fit to me.  Perhaps you
have another thought?

--Jed http://www.webstart.com/jed/ 
