[fc-discuss] Financial Cryptography Update: "doing the CA statement shuffle" and other dances
iang@iang.org
iang@iang.org
Sun, 5 Mar 2006 23:54:31 +0000 (GMT)
Financial Cryptography Update: "doing the CA statement shuffle" and other dances
March 05, 2006
------------------------------------------------------------------------
https://www.financialcryptography.com/mt/archives/000672.html
------------------------------------------------------------------------
The much discussed CA branding model has apparently been adopted by
Microsoft, implemented in the InfoCard system, if the presentation by
Cameron and Jones is anything to go by. I review and critique that
presentation here, including relevant screenshots:
https://www.financialcryptography.com/mt/archives/000666.html
Now, _the statement_ as the core reason for the CA's existance is
becoming more clearly accepted. It's something that got thrown out
with the bath water back in 1995 or so, but it seems to be heading for
something of a revival. Cameron and Jones say:
In many cases, all that having a standard site certificate
guarantees is that someone was once able to respond to e-mail sent to
that site. In contrast, a higher-value certificate is the certificate
authority saying, in effect, “We stake our reputation on the fact that
this is a reputable merchant and they are who they claim to be”.
I also found an RFC by Chokhani, et al, called _Internet X.509 Public
Key Infrastructure_ (RFC 3647) which throws more light on the
statement:
3.1. Certificate Policy
When a certification authority issues a certificate, it is providing
a statement to a certificate user (i.e., a relying party) that a
particular public key is bound to the identity and/or other
attributes of a particular entity (the certificate subject, which is
usually also the subscriber). The extent to which the relying party
should rely on that statement by the CA, however, needs to be
assessed by the relying party _or entity controlling or coordinating
the way relying parties or relying party applications use
certificates_. Different certificates are issued following
different
practices and procedures, and may be suitable for different
applications and/or purposes.
The CA's statement is that the the key is bound to attributes of an
entity (including Identity). So we are all agreed that the cert has or
is a statement of the CA saying something. But consider the caveat
there that I emphasised: the authors have recognised that relying
parties typically do not control or coordinate their use of
certificates. There is typically an intermediate entity that takes
responsibility for this. To the extent that this entity controls or
coordinates the root list, they are in the driver's seat.
For browsing, this is the browser manufacturer, and thus the browser
manufacturer is the relying party of ultimate responsibility. What
this does is put browser manufacturers in a sticky position, whether
they admit to it or not (and notice how you won't find any browser
manufacturer clarifying who makes the statement from a manufacturered
cert).
Microsoft's position may be weak in understanding and implementation,
or maybe they know full well where this is going, and are implementing
an intermediate step. Leaving that aside, it does leave the
interesting question as to why they have only partially implemented the
model. Not only does the high-assurance program prove the point that
the CA has to be branded (thanks for that!) but it also confirms that
the browser is on the hook for all the other certs in the other,
default, poor man's certificate regime.
Either way, we are on the move again...
--
Powered by Movable Type
Version 2.64
http://www.movabletype.org/