Subject: Re: [dss] Fwd: RE: UPU CPC EPM Positioning Proposal vis-a-vis the OASIS DSS


At 10:16 AM 7/9/2003 -0700, Ed wrote:

>>   Carlisle's "Corporate Seal" 2.1 and "Identified Requestor" 2.3 use cases
>>are closely related, as he states in the use-case itself. The value is
>>definitely coming from an "inside (the corporation) looking out"
>>perspective. The Government of Canada also saw this value and requested the
>>S2S EPM. This is the subset of the EPM I spoke of that actually uses the
>>"External Sign" operation described in our WSDL. This Sign, however, was
>>mandated (by the Canadian Security Establishment (CSE), one of only 2
>>FIPS-140 certified accreditation labs in North America) to take place
>>"within" the departments of the GoC using departmentally-held keying
>>material. Each department within the government was mandated to use "their
>>own" internally-controlled and deployed "Corporate Signing" service (using
>>the EPM S2S Sub-Service of the Government Secure Channel as the vehicle).

I'd love to hear more details, so we can make sure DSS's Sign operation 
meets EPM's "External Sign" requirements.


>>    In my opinion, this description above is what Carlisle seems to be
>>alluding to. This very much constrained and controlled definition of
>>"delegated signing" we would condone. Your description of "delegating
>>signing" is an enormous leap from the above definition. I wonder what
>>Carlisle originally envisioned?

I think Carlisle, you, and I are in violent agreement that this use 
case makes most sense when an organization is maintaining a DSS for its 
members.


>>    To take this all the way out to a definition where some 3rd party DSS
>>signing service "holding the private keys of the corporations of America"
>>is what we find totally off the mark.

I don't think that would be a good idea either.  Like I mentioned, I wrote 
a paper arguing for what DSS would view as the client-side-hashing, 
identified-requestor-with-single-keypair use case.  It argues that if you 
have a PKI hierarchy that contains, say, government CAs certifying 
corporate CAs, and corporate CAs certifying employees, then you should 
replace that bottom layer of certificates with delegated signing/encryption 
servers **that are hosted by the organization for the benefit of its 
members**.  In other words, a 2-layer system with PKI between corporations, 
since PKI complexities are manageable at the server level, with users 
insulated from these complexities by delegated signing/encryption 
servers.  From the conclusion:

"Delegated cryptography splits the problem of end-to-end security into an 
intra-enterprise portion that can be addressed with authentication 
techniques and an inter-enterprise portion that can be addressed with PKI. 
This exploits the strengths and avoids the weaknesses of both technologies: 
Authentication techniques are easy to use and widely deployed, but can only 
secure interactive sessions between two parties. PKI can secure sessions or 
messages between a large number of parties, but imposes complex and 
difficult burdens on these parties. By using authentication techniques to 
access a PKI-enabled server we can confine the burdens of PKI to a single 
point within an enterprise while making its benefits available throughout."

Maybe that's a little Pollyanna-ish, and we're just designing a protocol, 
so we don't have to agree on architectural visions of that sort, but that's 
where I'm coming from at least.  And I think that's in line with what 
Carlisle proposed, and what EPM's External Sign is about.

Trevor 
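The architecture Trevor describes (members authenticate to an organization-hosted signing server with ordinary authentication techniques, the server alone holds the corporate private key, and only the inter-enterprise relying party needs PKI) can be sketched end to end. The following is an added example, not code from the DSS thread, the DSS specification, or the EPM. It models the "client-side hashing, identified-requestor-with-single-keypair" case: the client sends only a digest, the server binds the requester's identity into what it signs, and an outside verifier checks with the corporate public key. The member directory, the shared-secret credential scheme, the result strings, and the toy textbook RSA keypair built from two fixed Mersenne primes are all assumptions made so the block runs on the Python standard library alone; they are not a production signature scheme or a DSS message format.

```python
"""Delegated signing with an organization-hosted signer (added illustration).

Roles:
  client_hash / client_authenticate  -> the member inside the enterprise
  server_sign                        -> the corporate signing service (holds the key)
  relying_party_verify               -> another enterprise, using the public key only
"""
import hashlib
import hmac
import json

# --- Corporate keypair: ASSUMPTION, toy textbook RSA on two fixed Mersenne primes.
#     Chosen so that N exceeds 2^256 and the SHA-256 value fits below N.
_P = (1 << 521) - 1
_Q = (1 << 127) - 1
N = _P * _Q
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent (Python 3.8+ modular inverse)

# --- Intra-enterprise credentials: CONSTRUCTED sample directory of members.
MEMBER_SECRETS = {
    "alice@example.corp": b"alice-shared-secret",
    "bob@example.corp": b"bob-shared-secret",
}


def _canonical_request(digest_hex: str, requester: str) -> bytes:
    """Canonical bytes that carry both the document digest and the requester identity."""
    return json.dumps({"digest": digest_hex, "requester": requester}, sort_keys=True).encode()


def client_hash(document: bytes) -> str:
    """Client-side hashing: only this digest ever leaves the member's machine."""
    return hashlib.sha256(document).hexdigest()


def client_authenticate(requester: str, digest_hex: str) -> str:
    """Member authenticates with a shared secret (an ordinary authentication technique),
    keyed over the exact request so the tag cannot be replayed for another digest."""
    msg = _canonical_request(digest_hex, requester)
    return hmac.new(MEMBER_SECRETS[requester], msg, hashlib.sha256).hexdigest()


def server_sign(requester: str, digest_hex: str, auth_tag: str) -> dict:
    """Corporate signing service: authenticate the requester, then sign on its behalf.
    The result strings below are stand-ins, not DSS result codes."""
    secret = MEMBER_SECRETS.get(requester)
    msg = _canonical_request(digest_hex, requester)
    if secret is None:
        return {"result": "RequesterError", "reason": "unknown requester"}
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, auth_tag):
        return {"result": "RequesterError", "reason": "authentication failed"}
    # The signed value binds the requester identity to the digest, so the signature
    # is attributable to a member even though one corporate keypair signs for all.
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return {"result": "Success", "requester": requester, "digest": digest_hex,
            "sig": pow(m, D, N)}


def relying_party_verify(document: bytes, signed: dict, n: int = N, e: int = E) -> bool:
    """Outside the enterprise: recompute the digest, rebuild the signed value from the
    claimed requester, and check it against the corporate public key only."""
    if signed.get("result") != "Success":
        return False
    if hashlib.sha256(document).hexdigest() != signed["digest"]:
        return False
    msg = _canonical_request(signed["digest"], signed["requester"])
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(signed["sig"], e, n) == m


if __name__ == "__main__":
    doc = b"purchase order 4711"          # constructed sample document
    digest = client_hash(doc)
    tag = client_authenticate("alice@example.corp", digest)
    signed = server_sign("alice@example.corp", digest, tag)
    print(signed["result"], relying_party_verify(doc, signed))
```

Two properties are worth noting in the flow. The server never receives the document itself, only its digest, which is what "client-side hashing" buys; and because the requester identity is part of the signed value, swapping the identity after signing, or presenting Alice's tag as Bob, yields a signature the relying party rejects, while the relying party still needs nothing from the enterprise beyond one public key.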
