pki-tc message



Subject: Re: [pki-tc] Measuring the success of PKI [was: PKI-TC charter issue]



Anders

I think you and I might be closer in our views than it appears.  I think 
the future of PKI is embedded digital certificates.  When I said that 
ubiquitous use of digital signatures by the general public need not be the 
best way to measure PKI's success, I meant to say "overt" digital 
signatures.  

But I too see embedded PKI, delivered via EMV and other types of 
smartcards and portable devices, as taking over. 

I wrote a paper for the American Bar Association about this a little while 
ago.  See www.abanet.org/scitech/nosearch/eblast/eblastarticle1.html and 
an extract below. 

Cheers, 

Stephen.

--------------------------------------

PKI without tears
January 2003 

Abstract

Traditional Public Key Infrastructure (PKI) is unnecessarily complicated. 
Largely as a result of early misconceptions that we needed an all-purpose 
digital passport to do business on the Internet, traditional PKI has 
become overloaded with invasive personal identity checks and complex legal 
arrangements. To make things worse, early software implementations brought 
out explicit details of digital certificates, necessitating unusually 
intense user training. To try to support stranger-to-stranger 
transactions, user agreements for general purpose certificates have 
required people to read and understand huge and forbidding Certification 
Practice Statements. And yet the business benefits of going to all this 
trouble remain controversial. 

Most of the burden of orthodox PKI derives from trying to create the 
all-purpose digital identity. In day-to-day personal commerce, this is 
famously analogous to a drivers licence, but in the professions and in 
business, a single identity is uncalled for and unprecedented. PKI tends 
to deliver its greatest benefits – automatic paperless processing, reduced 
legal risk, lower cost of dispute resolution – in high value, high volume, 
specialist applications, where digital personae are application-specific.

There are new PKI models where the cryptography is embedded deeply into 
smartcards, to much the same extent that complex ferromagnetic technology 
is built into all the other plastic cards we take for granted. Application 
software can be engineered so that all digital certificate functions are 
automated; smartcards can be issued to professionals and business people 
under existing terms and conditions which reflect the users’ standing. The 
user experience then becomes the same as with any conventional access 
card. We can do away entirely with the need to read and understand complex 
Certification Practice Statements and Policies, sign up to unusual 
Subscriber and Relying Party agreements, or undergo esoteric technical 
training. Thus the underlying PKI becomes true infrastructure, used purely 
to automate paperless transactions between parties who are already 
accustomed to dealing with one another. 

This paper presents a fresh look at the business drivers and true benefits 
of digital signatures, and shows how application-specific PKI can deliver 
the benefits with better usability, zero registration overhead, reduced 
training costs, simpler liability arrangements, and streamlined 
accreditation. The paper is aimed at regulators, policy analysts and 
e-business strategists with an interest in the future of PKI. 

--------------------------------------
 


> c-i-l
> 
> Stephen wrote:
> 
> >Sorry Anders, I am not totally sure what you mean by "web sign".  Do you
> >mean applying digital signatures in thin client web apps?
> 
> The following is a fairly good description of web sign.  Page #6 is the
> actual definition.
> http://web.telia.com/~u18116613/onlinesigstdprop.ppt
> 
> >Personally I think that XMLsignatures is the key here, allowing more
> >widespread implementation of digital signatures in simple web forms.
> 
> Absolutely.
> 
> >We don't see a lot of this yet for two reasons: (1) penetration of XML,
> >and (2) more importantly, we're in a PKI lull at the moment where
> >developers and architects don't see the point of doing dig sigs at all
> >(which then reinforces the slow uptake of XMLsignatures).
> 
> I cannot verify this.  XML is huge.  XML signatures is in good use.  But it is
> mostly happening on the server side as the client platform is still inferior
> 
> <snip>
> 
> >But why should we measure the success of PKI by the percentage of the 
> >general public using it?
> 
> It is at least one way to measure.  By doing that I would say that Sweden
> is about FOUR MAGNITUDES more successful than the US :-)
> 
> >By its very nature it's not a ubiquitous  technology.  
> 
> I don't agree a single bit on that.  PKI will long-term become
> more used than passwords for on-line services.
> 
> >A very big obstacle we all need to get over is the long
> >lasting misconception that PKI would (or should) be ubiquitous.
> 
> Since 50% of the entire Swedish population can get a PKI cert
> today, I have some problems with this statement of yours.  Maybe
> you refer to the universal use of a specific PKI? That's another issue
> in my opinion.  Which I agree on BTW.
> 
> >We (as PKI advocates in the TC) I think should be very happy if we were
> >to see PKI penetrate say 5% of the population, as long as it was the
> >right 5%,
> 
> We are as I told you far ahead of this goal already.  With EMV cards
> for payments using PKI we get some 35% penetration of a special
> purpose PKI.
> 
> >and led to major improvements in the way certain types of e-business -- 
> >not all e-business -- is carried out. 
> 
> IMHO all e-business can without doubt benefit from using PKI
> *technology* but that involves everything from EMV payments in
> a shop to server-signed B2B POs.
> 
> What kind of e-business would not gain by using PKI technology?
> 
> <snip>
> 
> >But there are countless applications where signatures are most definitely
> >required.  In Australia, large consulting projects in a wide range of
> >fields including medical prescriptions, pension funds management, and the
> >real estate industry, have analysed in detail the hundreds of instances
> >where the law here requires a person to sign something.  Very few of these
> >instances can be nicely automated online without PKI.
> 
> I believe you are limiting the use of signatures by connecting it to law.
> Digital signatures is a way to show intent.  That is, you can indeed
> sign up for a dentist appointment using signatures.  This is already
> implemented in Sweden.
> 
> <snip>
> 
> >These are reasons for why internet banking with PKI is difficult, but my
> >point is that internet banking with PKI is not necessary.  The reason is
> >that internet retail banking works using the same rules as phone banking.
> 
> Now you are into this legal business again.  PKI should be
> compared to long passwords and OTPs.  PKI is MUCH more convenient
> as well as withstands any amounts of server-break-in attempts.
> Passwords and OTPs typically lock the account after a few consecutive errors.
> That could cost tons of money.
> 
> Signatures actually combine an intent (transaction request) with a
> procedure and security and is IMO useful for paying simple
> bills.  If the signature software is appropriate that is.  I do
> this all the time actually...
> 
> >It is often said that PKI is better for business banking and indeed I have
> >seen reasonably good applications in treasury functions etc.  This is
> >because these more complicated transactions tend to need signatures (and
> >because the economics can cope with relatively more expensive software
> >development and support issues like smartcard reader deployment).
> 
> I do not agree.  It is volume apps that benefit from PKI.  Things that
> you only do occasionally you might as well do the conventional way.
> But I of course again see this from a consumer perspective which is
> due to the fact that in EU, PKI is mostly a consumer movement.
> 
> >The other important point in email is that really good PKI apps do not
> >involve transactions between total strangers, but instead involve parties
> >which have a prior business relationship, which is readily instantiated in
> >the form of a certificate issued by one of the parties to the other.  For
> >example, a certificate standing for someone's qualification as a patent
> >lawyer, or a licenced customs broker, or a registered medical
> >practitioner.  The idea that you can determine a total stranger's
> >trustworthiness from reading their digital certificate is not practical,
> >indeed is almost fanciful.
> 
> Violently agree!
> 
> >Anders, I don't think implementing PKI always requires reworking all
> >business processes and logic. In fact, the better PKI apps succeed by
> >being overlaid on business processes without changing them.  For instance,
> >if a paper medical prescription process works by writ of a doctor's
> >licence to practice, then it's very smooth and efficient to issue a
> >digital cert to the doctor that simply represents her medical registration
> >(say with the medical authority acting as RA) and to apply digital
> >signatures in e-prescribing software.  Usually this software is fat
> >client, updated every quarter or so with a new version, and easily
> >modified to call up some dig sig functions.
> 
> One problem is when this e-prescription is about to be transferred to
> the pharmacy because message encryption which is a necessity in
> this sector is incompatible with everything else. 
> http://w1.181.telia.com/~u18116613/A.R.AppliedPKI-Lesson-1.pdf
> 
> The following is a real example of e-health worth studying:
> http://middleware.internet2.edu/pki05/proceedings/kailar-phinms.ppt
> 
> If individual signatures were to be added, they should (IMO)
> be stored locally together with other audit info.
> 
> In fact, here I believe this TC is on the wrong track.  But "fortunately"
> this TC is in very good company, there are numerous other "PKI-TCs"
> and they all refuse to acknowledge the notion that an information
> system can be "authoritative".   We, the system architects have worked
> with this "paradigm" since day #1 and see no reason to change. 
> On the contrary, this is a wonderful way to create a scalable PKI. 
> There is a reason why VeriSign have 1 billion relying parties for their
> SSL CA as well as a million paying subscribers!
> 
> Here you already have a truly ubiquitous PKI BTW.
> 
> Cheers
> Anders Rundgren
