Re: Killer PKI Applications

[Lynn . Wheeler]

the other problem with the CA approach is what is the CA certifying. Are they
purely certifying the name of the company producing software applications ... or
are they certifying every application that each software company produces. If I
have to decide every company that I'm willing to accept software from ... then
I've gone to a per company process that can be done with online authority and
I'm maintaining a list of per company-based accpetable software sources. I don't
need & am not using a hiearchical CA-based trust infrastructure (possibly other
than in a purely contrived manner).

For the CA-based trust infrastructure to work for this scenerio ... the CA needs
to be asserting the trust/quality/integrity of applications produced by each
software company (so that I only need to record CA-level trust decisions) ...
once I need to record vendor-level trust decisions then I've truncated any trust
hierachy (embodied by a CA which then becomes superfulous/redundant).






"Bill la Forge" <[EMAIL PROTECTED]> on 01/11/2000 01:19:34 PM

To:   Lynn Wheeler/CA/FDMS/FDC@FDC, "bram" <[EMAIL PROTECTED]>
cc:   "Peter Cassidy" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
  [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:  Re: Killer PKI Applications



> Once the user decides not to trust the CA as to whether programs from
individual
> vendors are to be accepted ... then the user creates their own table of
> acceptable public keys (not relying on the CA/PKI trust infrastructure).


Part of the problem with taking the CA approach is in dealing with multiple
roots.
We've drilled down on this problem a few times and having a signed list of
acceptable
keys is a solution that keeps coming back up.

Frankly, I think this is an area where XML is going to play quite well. And I'm
delighted
with the latest draft on XML-based digital signatures:
http://www.w3.org/TR/xmldsig-core/

Bill la Forge, CTO
JXML, Inc.

Re: Killer PKI Applications

[Lynn . Wheeler]

Claim is that the draft X9.59 financial industry standard (for all retail
payments) could provide the level of integrity that would justify better than
card/consumer present rates; i.e. the level of the integrity of the transaction
is at least card present ... and the characteristic of X9.59 makes the account
number pretty much worthless in non-signed transactions (i.e. even if every
account number from X9.59 transactions were kept at a merchant server database
... and that database was compromised, the information could not be used for
fraudulant transactions).

One of the charters to the X9A10 working group for X9.59 was to preserve the
integrity of the financial infrastructure with only a digital signature and be
applicable to all retail based payments. The X9.59 mapping to existing payment
card infrastructures, while relying on digital signatures does not rely on
certificates and/or associated PKI/CA infrastructures.

For more information see various references at:

http://www.garlic.com/~lynn/







Randy Witlicki <[EMAIL PROTECTED]> on 01/11/2000 04:15:07 PM

Please respond to Randy Witlicki <[EMAIL PROTECTED]>

To:   Peter Cassidy <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
  [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:(bcc: Lynn Wheeler/CA/FDMS/FDC)
Subject:  Re: Killer PKI Applications




  The killer app should make somebody very rich.
  Perhaps where the consumer can make an online purchase,
same as now with an SSL browser link, but they are using
a credit card from "Hettinga National Bank" where the consumer
gets a 1/2 percent rebate and the merchant gets charged 1/2 percent
less than other credit cards (to encourage the merchant to
recommend Hettinga National Bank to their customers).
  This would likely require disintermediation of of various
finanacial processing links, maybe PKI, and perhaps even Digital
Bearer Certificates.
  In this case, PKI is probably a Business-to-Business backend tool.

  Or have I been mis-reading Bob's cogitating and rants ?

  - Randy
 -



For help on using this list (especially unsubscribing), send a message to
"[EMAIL PROTECTED]" with one line of text: "help".

Re: Killer PKI Applications

[bram]

Peter Cassidy <[EMAIL PROTECTED]> on 01/10/2000 wrote
> 
> I am engaged in an expansive and challenging authoring assignment
> regarding PKI's rationale in the large e-commerce plexus. I'm casting
> about for ideas on the killer PKI application. I'd like to hear any ideas
> - however wild or domesticated - in this space. I can repay all kindnesses
> with beer and whatever appreciations that providence provides I can bestow
> in the future.

The first thing something needs to be a killer application is to be an
application. The problem with PKI is that it isn't an application, it's a
system. A killer app needs to have a very specific purpose, and needs a
very immediate motivating factor for it's use. Think web browser.

I'm more than a little bit skeptical that the world has much use for PKI
just yet. PKI is useful for stopping active attacks, but right now almost
everything on the internet is subject to passive attacks. Fix the first
problem first, only then will it become clear how to solve the second
problem.

-Bram

Re: Killer PKI Applications

[Lynn . Wheeler]

digital signature enhanced radius (for ISP access authentication, i.e. replacing
the password with public key in the authentication database and replacing the
password with digital signature on authentication transactions) and in-coming
address spoof filtering at ISPs (similar to intranet address spoof filtering for
packets coming in from the internet, the ISPs would do address spoof filtering
on packets coming into the internet from their customers) would go a long way
for addressing a lot  attacks (w/o requiring PKI).

then for things like denial-of-service attacks (w/o address spoofing) ...
account-based infrastructures would still use account-based public key
transactions. In the case of boundary pre-filtering for things like
denial-of-service attacks ... there is still trade-off with ASN.1 decoding &
public key ops that are still computationally intensive ... & can be greater
than TPC-C (for most of the current e-commerce transactions there would still
have  account-based authentication processing ... boundary pre-filtering
represents duplication of effort & could lead to faster resource exhaustion).

It is likely then that a lot of the non-addresses-spoofed attacks would be from
compromised machines (given ISP authentication & incoming packet address spoof
filtering by ISPs).

Part of the issue is that almost all current e-commerce is transactional
account-based paradigm (because of requirements for information timeleness
and/or information aggregation). Part of the PKI design point/advantage is
targeted to peer-to-peer, anarchy, offline, lacking any account infrastructures.

 Work on compromised machine exploits still has quite of bit of work to do and
PKI might play in program execution authentication ... say next generation of
virus checkers also check for valid program/executable digital signatures. Even
then there is a design trade-off between having the visus checker include a
(account) table of acceptable public-keys vis-a-vis each program having an
appended  certificate in addition to the digital signature ... and the virus
checker only having a table of CA public keys. Does the user want to pass
approval on only the list of trusted CAs or does the user want to pass approval
on each individual developer's public key?
Once the user decides not to trust the CA as to whether programs from individual
vendors are to be accepted ... then the user creates their own table of
acceptable public keys (not relying on the CA/PKI trust infrastructure).






bram <[EMAIL PROTECTED]> on 01/11/2000 10:41:32 AM

To:   Lynn Wheeler/CA/FDMS/FDC@FDC
cc:   Peter Cassidy <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
  [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:  Re: Killer PKI Applications




The first thing something needs to be a killer application is to be an
application. The problem with PKI is that it isn't an application, it's a
system. A killer app needs to have a very specific purpose, and needs a
very immediate motivating factor for it's use. Think web browser.

I'm more than a little bit skeptical that the world has much use for PKI
just yet. PKI is useful for stopping active attacks, but right now almost
everything on the internet is subject to passive attacks. Fix the first
problem first, only then will it become clear how to solve the second
problem.

-Bram

Re: Killer PKI Applications

[Lynn . Wheeler]

the original design point for much of PKI was distributed credentials for
non-face-to-face, offline, electronic ... i.e. parties that had no prior
business relationship and at the moment performing authentication function the
relying party wasn't online (analogous to letters of credit in the days of
sailing ships long before there was electronic connectivity).

frequently online authentication provides higher quality, specifically targeted
and more timely information that could be available with a generalized
credential created sometime in the past.

Some trade-offs are the descreased cost of offline vis-a-vis online
authentication transaction and the reduced quality and/or timelyness of the
information (stale vis-a-vis current). Online costs are drastically dropping as
internet and related technologies become pervasive.

So traditional PKI opportunity would appear to be 1) authentication
circumstances involving volume costs that have to come in below the dropping
online costs (but can still cover the cost of a PKI infrastructure), 2)
authentication circumstances &/or transactions that aren't dependent on timely
information, and 3) wouldn't require a combination of offline & online (since an
online authentication operation can always subsum any of the offline pieces,
eliminating duplication of infrastructures).

Majority of existing e-commerce paradigms involve parties with 1) either direct
prior relationship or indirect prior relationship thru some financial
institution, 2) account-based timely &/or aggregated nformation, and 3) online
operation.

Into such an environment, PKI needs to find a thread between the existing
paradigms that doesn't require online access &/or account-based
timely/aggregated information between parties with no prior relationship.







Peter Cassidy <[EMAIL PROTECTED]> on 01/10/2000 03:08:00 PM

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], [EMAIL PROTECTED] (bcc: Lynn
  Wheeler/CA/FDMS/FDC)
Subject:  Killer PKI Applications




Friends,

I am engaged in an expansive and challenging authoring assignment
regarding PKI's rationale in the large e-commerce plexus. I'm casting
about for ideas on the killer PKI application. I'd like to hear any ideas
- however wild or domesticated - in this space. I can repay all kindnesses
with beer and whatever appreciations that providence provides I can bestow
in the future.

Regards and thanks,

Peter

617 491 2952

DCSB: Suzan Dionne Balz; The Law of Digital Cash

[R. A. Hettinga]

--- begin forwarded text


Date: Tue, 11 Jan 2000 10:10:41 -0500
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: DCSB: Suzan Dionne Balz; The Law of Digital Cash
Cc: Suzan Dionne Balz <[EMAIL PROTECTED]>,
Fred Hapgood <[EMAIL PROTECTED]>,
"André Dubois" <[EMAIL PROTECTED]>,
Rodney Thayer <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Reply-To: "R. A. Hettinga" <[EMAIL PROTECTED]>

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

  The Digital Commerce Society of Boston

 Presents

Suzan Dionne Balz,
   Attorney and Author



 The New Virtual Money:  Law and Practice


 Tuesday, February 1st, 2000
12 - 2 PM
The Downtown Harvard Club of Boston
   One Federal Street, Boston, MA


One of the most important of the current regulatory and policy issues
surrounding electronic cash in the United States and internationally is
its legal status in the eyes of the various regulatory authorities. This
talk will discuss the consequences of the legal status of electronic cash
regarding its issuance (who may or may not issue it), and the payment
functions it is intended to fulfill, such as whether or not and when a
debt paid using electronic cash is discharged, whether or not a payment
order made via electronic cash is revocable and until when, and liability
for unauthorized transactions. .

Suzan Dionne is an attorney and is a Director with Deloitte & Touche in
New York. She specializes in regulatory consulting on information
technologies in general, and, more particularly, electronic commerce, in
the United States and Canada. She has recently co-authored a book
published by Kluwer Law International called The New Virtual Money: Law
and Practice, which covers electronic money regulatory issues in the
United States, Canada, France and the United Kingdom.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, February 1st, 2000, from 12pm - 2pm at the Downtown Branch of
the Harvard Club of Boston, on One Federal Street. The price for lunch is
$35.00. This price includes lunch, room rental, A/V hardware if
necessary, and the speakers' lunch. The Harvard Club *does* have dress
code: jackets and ties for men (and no sneakers or jeans), and
"appropriate business attire" (whatever that means), for women. Fair
warning: since we purchase these luncheons in advance, we will be unable
to refund the price of your meal if the Club finds you in violation of
the dress code.


We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, January 29th, or you won't be on the list for lunch. Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston", in the amount of $35.00. Please include your e-mail
address so that we can send you a confirmation

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.


Upcoming speakers for DCSB are:

March  Fred Hapgood   The Rise and Fall of Internet Auctions
April  André Dubois   Canadian Digital Commerce Policy
TBARodney Thayer  Transnational Cryptography


We are actively searching for future speakers. If you are in Boston on
the first Tuesday of the month, are a principal in digital commerce, and
would like to make a presentation to the Society, please send e-mail to
the DCSB Program Committee, care of Robert Hettinga, .


For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to  .
If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb"
in the body of a message to  .
We look forward to seeing you there!

Cheers,
R. A. Hettinga
Moderator,
The Digital Commerce Society of Boston

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.1

iQA/AwUBOHtHqMPxH8jf3ohaEQI3pACg4wEgEm6jS5OkoieqpiooUMQTuy8AoN5W
zxn9tVODp4cC1i+dqJujvhA+
=8j0h
-END PGP SIGNATURE-
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

For help on using this list (especially unsubscribing), send a message to
"[EMAIL PROTECTED]" with one line of text: "help".

--- end forwarded text


-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 

Re: Killer PKI Applications

[Eivind Eklund]

On Mon, Jan 10, 2000 at 06:08:00PM -0500, Peter Cassidy wrote:
> 
> Friends,
> 
> I am engaged in an expansive and challenging authoring assignment
> regarding PKI's rationale in the large e-commerce plexus. I'm casting
> about for ideas on the killer PKI application. I'd like to hear any ideas
> - however wild or domesticated - in this space.

Trust management in a cash based world.  With digital cash, I expect
it to become much more tempting to hit-and-run; without a trust system
to limit this, digital cash will not be able to take off to its full
potential.  Iff digital cash is able to take off somewhat without
fully functional PKI, I believe it will pull PKI up with it.

Eivind.

Preliminary Program -- Financial Cryptography '00

[R. A. Hettinga]

--- begin forwarded text


Resent-Date: Mon, 10 Jan 2000 23:46:46 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Preliminary Program -- Financial Cryptography '00
Date: Mon, 10 Jan 2000 22:46:37 -0500
From: Don Beaver <[EMAIL PROTECTED]>
Resent-From: [EMAIL PROTECTED]
Resent-Sender: [EMAIL PROTECTED]
Resent-Bcc:


  Financial Cryptography '00
 February 21-24, 2000, Anguilla, BWI
Preliminary Conference Program

NOTE: Early Registration Deadline is January 15, 2000

FC00, the fourth international conference on financial data security
and digital commerce, will be held in Anguilla, British West Indies.
FC00 aims to bring together persons involved in both the financial and
data security fields to foster cooperation and exchange of ideas.  The
conference is organized by the International Financial Cryptography
Association (IFCA).


PRELIMINARY CONFERENCE PROGRAM

Monday 21 February

PAYMENT SYSTEMS

Self-Escrowed Cash Against User Blackmailing
Birgit Pfitzmann and Ahmad-Reza Sadeghi

Blind, Auditable Membership Proofs
Tomas Sander, Amnon Ta-Shma (International Computer Science Institute)
and Moti Yung (CertCo)

Private Selective Payment Protocols
Giovanni Di Crescenzo (Telcordia Technologies Inc.)

INVITED SPEAKER

Toward a More Sensible Way of Regulating the Circumvention of
Technical Protection Systems
Pam Samuelson

DIGITAL RIGHTS MANAGEMENT

Efficient Trace and Revoke Schemes
Moni Naor and Benny Pinkas (Weizmann Institute of Science)

Efficient Watermark Detection and Collusion Security
Francis Zane


Tuesday 22 February

ELECTRONIC POSTCARDS

Postal Revenue Collection in the Digital Age
Leon A. Pintsov (Pitney Bowes Inc.) and Scott A. Vanstone (University
of Waterloo & Certicom Corp.)

Signing on a Postcard
David Naccache (Gemplus Card International) and Jacques  Stern (Ecole
Normale Superiere)

PANEL

Payment Systems: The Next Generation
Moderator: TBA

ANONYMITY

Self-Scrambler Anonymizers
David Pointcheval (Ecole Normale Superiere)

Authentic Attributes with Fine-Grained Anonymity Protection
Stuart G. Stubblebine (CertCo) and Paul F. Syverson (Naval Research
Lab)

Resource Efficient Anonymous Group Identification
Ben Handley


Wednesday 23 February

FINANCIAL CRYPTOGRAPHY POLICIES AND ISSUES

The Encryption Debate in Plaintext: National Security and Encryption
in Israel and the United States
Barak Jolish (Hancock Rothert & Bunshoft)

Comments and Critical Reflections on the Proposal for a European
Directive on a Common Framework for Electronic Signatures and
Certification Service Providers
Apollonia Martinez-Nadal (University of Balearic Islands, Spain)

A Response to "Can We Eliminate Certificate Revocation Lists?"
Patrick McDaniel (University of Michigan) and Avi Rubin (AT&T Labs)

ABUSES OF SYSTEMS

Non-Repudiation in SET: Open Issues
Els Van Herreweghen

Statistics and Secret Leakage
Jean-Sebastien Coron (Ecole Normale Superiere), Paul Kocher
(Cryptography Research, Inc.) and David Naccache (Gemplus Card
International)

Analysis of Abuse-Free Contract Signing
Vitaly Shmatikov and John C. Mitchell (Stanford University)

Asymmetric Currency Rounding
David M'Raihi, David Naccache and Michael Tunstall (Gemplus Card
International)


Thursday 24 February

FINANCIAL CRYPTOGRAPHY TOOLS

Secret Key Authentication with Software-Only Verification
Jaap-Henk Hoepman (University of Twente, The Netherlands)

Sharing Decryption in the Context of Voting or Lotteries
Pierre-Alain Fouque, Guillaume Poupard and Jacques Stern (Ecole
Normale Superiere)

PANEL

Public Key Infrastructure: PKIX, Signed XML or Something Else?
Moderator: Barb Fox & Brian LaMacchia (Microsoft)
Carl Ellison (Intel Architecture Labs)
Caelen King (Baltimore Technologies)
Michael Meyers (Verisign)
Andrew Konstantaras (independent consultant)

SYSTEM ARCHITECTURES

Financial Cryptography in 7 Layers
Ian Grigg (Systemics, Inc.)

Capability-Based Financial Instruments
Mark S. Miller (ERights.org), Bill Franz and Chip Morningstar
(Communities.com)


RUMP SESSION

In addition to the regular conference program, a rump session will be
held on the evening of Tuesday 22 February to provide an opportunity
for less formal presentations.  Although the rump session will be
organized during the conference itself, advance proposals may be
submitted by email.  Rump session contributions will not appear in the
conference proceedings.  An award of $350 in e-gold will be awarded to
the best rump session presentation.


EXHIBITION

An exhibition will be held in conjunction with the technical program,
with product displays, demonstrations, and presentations of a
business-oriented nature.  Scientific sessions are primarily scheduled
for the mornings and exhibition sessions for the afternoons.


CONFERENCE VENUE

The conference will be held at Chandeliers, the conference facility of
the InterIsland Hotel, which is on Road Bay, near Sandy Ground
Village, in the South Hill section of Anguilla.  The

Re: DeCSS defense briefs

[John Gilmore]

> The PI hearing will be held on the 14th.

Actually there's news today from the court.  The judge had a conflict
on the 14th (he's supposed to be in an appellate court and they forgot
to tell him).  The attorneys are working on rescheduling the PI hearing
and I'll let you know once I know.

John