Re: Proposal for a new PKI model (At least I hope it's new)
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: Sat, 06 Sep 2003 15:21:56 GMT
George Ou <firstname.lastname@example.org> writes:
> But I don't want to use just one portal or a wild card. I want to be
> able to issue an unlimited number of hosts and email addresses for my
> domain. I want to be able to use SMTP-AUTH and SMTP-TLS. I want to
> enable secure XML transactions. I don't want to buy just one host
> certificate. I want to buy one master certificate for my root PKI
> server. There is a huge difference.
> Companies buy so few because they can only afford one or two certs.
> Take away the cost factor and watch PKI deployment go up.
The majority of the internet are using SSL domain name certificates when
they have trust issues with the domain name infrastructure and they
are doing something of value (certificates represent a patch on
perceived trust shortcomings of the current domain name
infrastructure, as opposed to directly fixing the trust shortcomings
... they are being coated over with SSL domain name certificates).
In the early days of SSL, the original discussions were assuming that
SSL would be used for all shopping related activities going on over
the internet ... until it was determined that there is something like
a five-fold difference between SSL sessions capacity and non-SSL
session capacity. As a result, instead of seeing SSL being default for
everything that went on the internet .... you saw it being cut back to
only the phase involving entering the credit card number ... and
frequently the credit card number processing being handed off to a
dedicated credit card processing server (for the ten large guys they
are probably doing their own ... for the small to medium tier sites,
you find many are outsourcing ... where a single processor actually
may handle hundreds of shopping sites). This limited deployment wasn't
because of the cost of the certificates ... which is trivial compared
to the cost of the additional infrastructure for running the actual
SSL operation (and which doesn't go away, even if SSL domain name
certificate costs totally disappear).
So, as I've repeated numerous times before ... if you fix the
underlying domain name infrastructure ... it almost totally eliminates
any possible demands for SSL domain name certificates (of any kind)
... and would still allow SSL type public key sessions ... with
little additional cost. However, the cost issue of operating SSL (or
SSL-like) sessions still appears to dominate.
A current issue is that the domain name infrastructure has to be fixed
in any case (since its deficiencies also put the SSL domain name CA
business at risk). Part of the current CA cost is that they need a
totally different business operation, staff, training, and their own
operation, which needs an independent revenue flow to support it.
Making public key distribution part of the standard domain name
operation eliminates almost all of that infrastructure cost and just
merges it into the existing dynamic, timely information distribution.
So there are a couple of infrastructures that have delegated trust of
the type you are proposing (not the technical mechanics ... but the
process that one business will delegate certificate trust operations
to another certification business operation). The scenario is that the
delegated agent has to have processes in place that they follow all of
the business processes followed by the root trust operations (for
establishing the validity of the information being placed in the
certificate) or the resulting sub-certificates don't mean anything.
They require the sub-agent to have totally separated computer
operations in secured facilities and the cost of the delegation
certificate frequently is in the tens of thousands or hundreds of
thousands of dollars.
Another way of looking at this ... is if they don't require such
processes and costs they would be severely diluting their brand name
to the point that it would mean little more than any randomly
self-signed certificate. In effect, the sub-agent signed certificates
would have significantly lower trust unless they implemented all the
processes (and costs). The only thing that such CA operations would
then uniquely have is that they had undergone the costs to have their
root certificate preloaded into major browsers and they would be
franchising out access to that browser pre-loaded root certificate
with possibly little or no control over the franchised operations.
There is nothing stopping any entity from going to the major browser
vendors and going through the necessary steps to get a brand new root
certificate preloaded into browsers ... and establish whatever
business procedures they want to for managing delegated trust.
-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm