Re: From whence we came...

["James Seng/Personal" <jseng@pobox.org.sg>]

> Unfortunately, we don't have a lot of prior usage background for
> identifying institutions separately from the DNS

Unfortunately, yes. To be fair, we cant say PKIX does a good job either.

> (for instance, right now, if you want to do business with
> IBM, you simply trust that the owner of ibm.com is actually IBM and
not
> someone else),

I maybe nitpicking here but it is wrong example.

I trust ibm.com is IBM not because the domain name say "ibm.com". It is
because I have prior information, by other means that informed me that
ibm.com is IBM.

When I see "abc.com", all I can conclude is that it is "abc.com". It
does not tell me it is "American Best Company" or "Asia Big
Corporation". We dont have such information from just "abc.com" without
other references.

> You have ignored all the other PKI applications in non-Internet areas.
>
> I'm essentially ignorant of these applications, and so do not know how
> many of their lessons might apply to the Internet.

When the Asean government digitally signed their landmark e-Asean
treaty, wanna guess which CA they use? (Hint: any of the "default" CA in
the popular Internet browser are off tangent :-)

The interesting part is not who but why?

> I can say that right
> now, PKI as it applies to the Internet is very flat (even more so than
> the DNS), very much a matter of certifying who owns what DNS domains,
> very much tied to Verisign, and seems practical only for securing
> operations which involve a high-budget entity (typically a company
doing
> e-commerce) on one or both sides.

I have to agree with you that the asymentrical crypto in IP suite seem
limited to certain applications and most of it are pretty flat, provided
only by a handful of big names :-(

> The solution, then, is not to ask each user, "who do you trust?" but
to
> create one or more high-profile organizations with accountability, who
> we expect pretty much everyone to trust.  No one should force you to
> believe them, of course, just like no one forces you to go believe in
> ICANN's DNS information; but, as with DNS, you probably wouldn't find
> the Internet very useful if you don't.

What you are suggesting is a single CA root for all Internet
applications. Depends on perspective, it could argued to be a "limited
trust" or a "generic trust".

But lets go along your proposals. Assuming your trust model is build on
DNSSEC, then:

1. We are saying the root for DNS is by default also the CA.

   just a matter of curiousity, when were the last time any of us
   here been to ICANN? Do you think erm..they could do it?

2. We have to create a well-define published CSP for each level domain.
   One for root, one for each TLD, one for each 2LD etc.

   Since it is not possible for a 3LD to provide a better CSP than a
2LD,
   we can go down down down. OTOH, with most CSP of existing CA, I doubt
   we missing much anyway :-)

>   * You can't get a certificate from a well-recognized authority
without
> spending too much money and (as I understand it) putting yourself at
> significant risk.

A business model fault. *sigh*

Assuming your model of one CA works out and would you want to guess how
much would it cost you to get a "signed zone" for .COM?

Note that giving you a "signed zone" is as good as saying "here is your
signing key".

> certificate for error-messages.mit.edu).  So MIT would have to
transact
> with the certificate authority for each user and each host.  Put
simply:
> DNS is more hierarchical right now than PKI is.

Another business model fault. PKIX is designed to be hierarchical.

Unfortunately, "I get X dollar per cert" model prevents this from
happening. Imaging if InterNIC started to charge "$1 per host" and not
"$35 per domain" in 1995, we likely end up the same for DNS too.

There is nothing preventing someone to create a reputable, well-operated
root CA and start giving signed signing key to anyone who wants it in a
DNS hierarchy manner.

>   * To the extent that identity is associated with DNS, it doesn't
make
> very much sense to have separate organizations deciding who is who.
If
> peta.org changes ownership from People Eating Tasty Animals to People
> for the Ethical Treatment of Animals, will the CA notice and stop
> renewing peta.org certificates for the former?

>   * Pursuant to the last point, certificates take too long to expire,
> because certificates are essentially an off-line system and we assume
> that certificate renewal is cumbersome.  Revocation would help, but
the
> revocation features I know about in X.509 don't seem very scalable and
> aren't generally used.  Since DNS is an on-line system, signatures can
> expire more quickly and domain turnovers can be more quickly reflected
> in the security system.

One question to probably folks in the DNSOP: have any attempts to update
keys

> I'm afraid that right now, what we have is generic trust of the DNS
> without actual security of the DNS.

Yes, but only for a limited purpose. I only get some information such as
IP from the DNS. I can then verify the IP I am talking to via other
means.

I hate to sound arguments. Honestly, I am somewhat convience, especially
the part to get all users to manually select their trusted CAs. I think
an reasonable compromises is to limit the usage of these key to some
applications, perhaps to some stuff we engineers like to see, e.g. SSH,
S/MIME, SHTTP, IPsec etc. And if anyone thinks they can use these keys
for the 100USD or 100M USD transaction, someone should tell them they
are doing it at their own risk.

-James Seng