[cap-talk] What do CAs contribute...to anything?
marcs at skyhunter.com
Thu Feb 10 00:01:33 EST 2005
> Which brings us back to what value added can a CA
> offer with its CA-signed certs. Well, I don't think there
> is a limit to that. I think if Verisign wants to offer a premium
> service that guarantees no phishing, then they should be able to do
> so. And they could do so with a little help from the browsers.
> But, that's not to tar all CAs with the same brush,
> nor the concept. It happens that the TTP concept
> was missemployed. We are going through a period
> of re-evaluation of the role of the CA, and it may
> emerge as a useful member of the net community,
> or it may disappear.

Contemplating the nature of a long term solution, I think we might be able
to create a consensus that unforgeable identities have an important role to
play. But we sure don't have a consensus about the role a CA might play :-)
For better or for worse, I am going to ramble around the issues of trust and
CAs for several messages. I believe that in the long term CAs have no role
to play, and that in the short term CAs have no role to play. But I don't
expect to get consensus on that. I would be happy to get some consensus on
the issues we would consider to ascertain whether they have a role to play.

To start this ramble, I would like to go back to carefully examine the term
"trust". We have used it several different ways (several of us, including
myself, have used it several different ways in a single paragraph, argh :-)
I believe that David is correct to keep kicking us to use the term "trust"
only in the context of a particular entity for a particular purpose.

It seems likely that everyone would agree that an unforgeable identity is
meaningless and useless by itself. I submit with less confidence of
agreement that, more specifically, it is useless until it is associated
specifically with a set of purposeful trust relationships: I trust ID X to
transfer money. I trust Brand Y to give me a good recommendation about
whether or not to buy a car from Brand Z.

We can have unforgeable ids without CAs. If one agrees with the assertions
up to here, then the next important question is, once you've got an
unforgeable id, how do you associate the id with a purposeful trust
relationship? Given this general question, the correct question to ask about
CAs is, what do CAs contribute to associating the id with such purposeful
trust relationships? CAs do not, standing there and dealing in "trust",
directly help with purposeful trust. Whatever impact they have on purposeful
trust is indirect.

I will, in succeeding emails, look at this through a couple different
lenses. I will take a look at the history of unique ids and how trust
relationships were associated with them, noting that humans have built quite
nice id+trust systems without CAs at times. I will look at a possible path
to a world without CAs that travels through a short term solution that
includes CAs. I will look at the hurdles that CAs must overcome to be
accepted, and compare those to the hurdles a pet name system must overcome to be
accepted. I will submit for consideration some justifications for the belief
that CAs face much worse hurdles than pet names, that pet names are
necessarily a part of the long term solution, that CAs are not a part of the
long term solution, and because of their special hurdles, they are even a
bad idea for a short term solution.

No hope of consensus on the whole sequence, of course :-)