re:[pki-tc] NIST deprecates the Bridge CA Concept

[Stephen Wilson <swilson@lockstep.com.au>]

I mentioned before in passing a psychological angle on the way historical
PKI has been conceived.  Peter then cited the problem of "subordination" to
a root CA, and this reminds me of another really powerful psychological
issue from the past.  

IMHO if we had originally conceived of root CAs as having a compliance
accreditation role -- simply conferring to CAs an assertion that they were
in compliance with relevant standards -- then the abhorant notion of
"subordination" would never have even arose.  

Outside PKI land, I think most businesses are comfortable with being
audited; they don't see themselves as being "subordinate" to their
auditors, much less to the auditor accreditation boards.  This is a much
better model/metaphor for Root CAs. 

See also http://www.lockstep.com.au/library/pki/audit_based_public_key_infras

Cheers, 

Stephen Wilson.




> Sent on behalf of Peter Alterman.
> 
> -----Original Message-----
> From: Alterman, Peter (NIH/CIT) [E] [mailto:altermap@mail.nih.gov] 
> Sent: Thursday, April 27, 2006 8:51 AM
> To: dee.schur@oasis-open.org
> Subject: Re: [pki-tc] re:[pki-tc] NIST deprecates the Bridge CA Concept
> 
> Will be soon. 
> And Bill didn't slam the Bridge, he did say that in retrospect we should
> have built a fed root first, then built the bridge. 
> What needs to be remembered is that at the time there was no leadership for
> such a root and the agencies in PKI refused to subordinate to anyone else's
> root. 
> --------------------------
> Sent from my BlackBerry Wireless Handheld
> 
> 
> -----Original Message-----
> From: swilson@galexia.com.au [mailto:swilson@galexia.com.au] On Behalf Of
> Stephen Wilson
> Sent: Thursday, April 27, 2006 7:57 AM
> To: Anders Rundgren
> Cc: PKI TC
> Subject: [pki-tc] re:[pki-tc] NIST deprecates the Bridge CA Concept
> 
> Anders
> 
> Respectfully I submit that you are mixing together two quite separate
> issues: the questionable usefulness of Bridge CAs, and your abiding
> promotion of gateway PKI.  
> 
> Just to look at the Bridge CA question (and I must say I have not read Bill
> Burr's comments in detail, so I may or may not be at cross purposes with
> him) ... 
> 
> I have found recently in Asia that Bridge CA models are being put on hold.
>  Influential private sector PKI providers in China told the APKIF in
> November that they do not think a China BCA will be useful in the
> forseeable future; in September the Taiwanese government announced it was
> dropping its BCA proposal in favour of a Trust List approach.  
> 
> In my view there are fundamental reasons to question the utility of BCAs. 
> I think the really basic premise of BCAs is that most individuals will only
>  belong to one PKI and so have just the one certificate to be used in
> multiple domains.  Then the business question of a subject in one domain
> presenting their certificate to another domain has to do with whether or
> not that certificate is equivalent (mappable).  Personally, I hypotehise
> that there is some psychology involved in this model as well, based on the
> notion of security clearances in government hierarchies, and the (real)
> challenge of govt employees in one jurisdiction being at the same or higher
> or lower level of employees in other jurisdictions. 
> 
> The attached annotated cartoons try to compare that scenario with an
> alternative PKI model, one which is coming to dominate in Australia and I
> think in Asia -- "scheme based PKI", where there are many more or less
> closed PKIs.  People will have different certificates for different
> application domains.  This is fast becoming reality in the embedded PKIs of
> e-passports, national ID smartcards, PIV, EMV cards and so on.  
> 
> In this environment, equivalence (or questions of 'rank') of certificates
> in different domains is moot.  The real issue here is whether or not a
> given certificate is fit for purpose; i.e., is it "recognised" for the
> purpose to which it is being put?  I don't see how a Bridge CA helps here.
>  Instead, the Trust List model is natural; relying parties simply need a
> list of the Root CAs that underpin the domains they are transacting in. 
> 
> I hope my cartoons are understandable in this context!  I have been meaning
> to develop a more comprehensive white paper on this topic but haven't had
> time.  However, an overview of the scheme based PKI approach is contained
> in http://www.lockstep.com.au/library/pki/relationship_certificates. 
> 
> Having said all this, we should monitor developments in the various
> industry BCAs cosely, especially SAFE in pharma. 
> 
> Comments welcome!!! 
> 
> Cheers, 
> 
> Stephen.
> 
> 
> Stephen Wilson
> Lockstep Consulting Pty Ltd
> www.lockstep.com.au
> ABN 59 593 754 482
> 
> 11 Minnesota Ave
> Five Dock NSW 2046
> Australia
> 
> P +61 (0)414 488 851
> 
> --------------------
> 
> About Lockstep 
> Lockstep was established in early 2004 by noted authentication expert
> Stephen Wilson, to provide independent specialist advice and analysis on
> identity management, PKI and smartcards.  Lockstep is also developing
> unique new smartcard solutions to address privacy and identity theft. 
> 
> 
> 
> 
> 
> > List,
> > 
> > http://www.gcn.com/print/25_9/40506-1.html
> > 
> > <GCN.Quote>
> > 
> > "It's much harder than we thought it would be," Burr said. "We've backed
> the wrong horseany number of times." He said one of these wrong horses was
> the decision to use a bridgecertificate authority rather than a single
> central certificate authority to issue andmanage digital certificates
> > 
> > </GCN.Quote>
> > 
> > 
> > Although Mr. Burr indeed later endorsed the Bridge concept as a long-term
> goal, theimmediate effect (if the US government proceeds as the article
> described), is thatvendors, allies, and consultants will back away from
> this solution.
> > 
> > In the mean-time, simpler and cheaper approaches like "gateways", will
> effectively removethe need to ever resurrect the Bridge.   A client-centric
> Bridge CA concept also does notsupport the design of integrated
> organization-to-organization workflow applications,something which ought to
> be the long term goal for the US government IT.  What securityprinciples
> they use (as long as they work), should be of secondary importance.
> > 
> > Regarding analysis of processes, there is actually quite a collection of
> papers to read,and very few of them show a need for a trust model where an
> employee/associate of oneorganization needs to be fully trusted/qualified
> by another organization.  A model wherethe "organization" becomes the
> primary entity (like in Shibboleth/SAML), scales better,allows arbitrary
> employee privacy protection, and probably works entirely satisfactory in99
> cases of 100.  Using a 2-layer credential and signature structure (gateway
> PKI + localPKI), you can easily take the last percent as well.
> > 
> > 
> > It should be like VeriSign's Phillip Hallam-Baker said on the PKI
> Workshop 2006:
> > 
> > "If I send a message from my company, I expect my company to secure it".
> > 
> > If it had not been for the Bridge, we could actually have had secure
> e-mail today.  Notonly within isolated islands, but for every Netizen.
> > 
> > 
> > Sincerely
> > Anders Rundgren
> > Principal Engineer
> > RSA Security
> 
>