Public Key Infrastructure
Position Statement

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 6 May 1998

© Xamax Consultancy Pty Ltd, 1998

This document is at http://www.rogerclarke.com/DV/PKIPosn.html


Contents

1. Introduction

2. The Objectives of PKI

3. Conventional, Hierarchical PKI

4. Requirements of a PKI

5. Resolving the Conflicts

6. The Way Ahead

7. Conclusions


1. Introduction

The design of public key infrastructure (PKI) has very considerable implications for public policy. There are a number of architectural aspects of PKI that are especially critical to its acceptability to the business community and to the public generally. This document summarises the position adopted by Roger Clarke as public interest advocate, and as Principal of Xamax Consultancy Pty Ltd, in relation to PKI architecture.


2. The Objectives of PKI

The intention of PKI is that it provide a basis for confidence in the reliability of electronic messaging.

PKI is needed in multiple settings, in particular:

A fundamental requirement is that authentication (variously of identity, of the eligibility of individuals and organisations, and of value) be of sufficient quality, taking into account the purpose for which it is used.

Authentication quality is, however, only one consideration. If consumers and businesspeople perceive a PKI as being authoritarian, or unduly invasive into information privacy, or as imposing unduly on people's behaviour, then PKI would actually decrease public confidence in EC and ESD.


3. Conventional, Hierarchical PKI

All forms of PKI necessarily involve some degree of intrusiveness, in order that sufficient quality can be achieved.

Conventional, hierarchical PKI are especially severe in this respect. They commonly have some or all of the following features:

Current X.509 v.3 certificates go so far as to permit an agent of an organisation to protect their personal identity through the use of a role-title; but they preclude an individual (referred to as a 'residential person') from having that capability. Moreover, some implementations may preclude a residential person from possessing multiple personal key-pairs, even though the same person is permitted to possess multiple key-pairs for organisations that they represent.

Some schemes even involve the key-pair generation process being compulsorily performed by some organisation on behalf of individuals, and compulsory storage (or 'escrow') of the private key.

Individuals, including not only consumers but also employees and contractors, and especially those in sensitive occupations, will not be confident in a conventional, hierarchical PKI.


4. Requirements of a PKI

To avoid such seriously negative implications, and consequential public opposition, a PKI needs to have the following characteristics:

The question of role-related key-pairs is especially critical. Public concerns about privacy-invasive behaviour among governments and corporations are at their greatest where organisations are able to combine information about an individual from multiple sources. From the individual's perspective, the most trustworthy approach is not to rely just on legislated privacy protections, with their manifold exceptions, but also to deny organisations the ability to correlate information.

The interests of individuals are therefore well-served by role-specific and/or organisation-specific identities and key-pairs, and are seriously threatened by a requirement that they use a single key-pair with all organisations, or with all organisations of a particular category, such as the Commonwealth Government.

These concerns apply in equal measure to certificates as well as to key-pairs. The reason for this is that if only a single certificate is used for each person, then the identifier of the certificate provides the means to consolidate information about the person.


5. Resolving the Conflicts

This document has highlighted the fundamental tension that exists between the needs of reliability in electronic messaging, on the one hand, and the interests of individuals in privacy-protection, on the other: the requirements listed in the previous section represent a potential threat to the authentication quality that a PKI can deliver.

Analyses performed by myself and others, in several different contexts, lead to the conclusion that all of these conflicts are capable of resolution, provided that all requirements are factored into the design activity.

In short, any PKI initiative that is approached as a mere technical exercise in applied public key cryptography is doomed to failure. It is essential that initiatives commence by appreciating and defining both the technical needs and the social requirements, such that the design of the infrastructure satisfies all of the needs.


6. The Way Ahead

Conventional, hierarchical PKI may be appropriate in contexts where authority is clearly defined. This includes defence organisations, internal communications within organisations, and communications within a layer of government. In particular, federal government agencies may find such an approach appropriate as a means of authenticating messages between agencies, and to confirm the eligibility of an individual to communicate on behalf of an agency. Initiatives in this area may be reasonably described as Government Public Key Infrastructure (GPKI).

Even in these cases, however, considerable care may be necessary in respect of the interests, and particularly the physical safety, of employees, especially those in sensitive occupations.

There have been proposals that a GPKI of this nature be applied also to clients of government, including:

It has even been mooted that a GPKI could in some way support EC between businesses, and between businesses and consumers.

Any such extension of a conventional, hierarchical GPKI beyond the bounds of the public sector will be met with serious scepticism by members of the public and businesspeople alike.

Conventional, hierarchical PKI will require very considerable adaptation and specialisation if they are to meet the complete set of needs. Among other things, the definition of distinguished name and the X.509 certificate identifier both need to be generalised, in order to support pseudonymity for individuals as well as for organisational agents.

Web-of-trust approaches to PKI were conceived with some of the public policy needs in mind, and appear to offer much greater promise. Although web-of-trust PKI standards are at this stage less technically developed than those for hierarchical schemes, the delay involved in maturing them may be no longer than that necessary to re-engineer hierarchical schemes to address the full set of public confidence requirements.


7. Conclusions

A key determinant of the degree of public confidence in EC and ESD will be the nature of the PKI that is used. Government initiatives in relation to PKI must therefore reflect the vital public policy issues involved, and not merely the quality of authentication.

Any Government policy to mandate a conventional, hierarchical PKI, or even to implement one in the expectation or hope that it would extend to entities or people outside the public sector, would be to the serious detriment of public confidence in EC and ESD.

Government actions should be designed to encourage the emergence, maturation and application of PKI that satisfy the full set of needs.




Created: 29 April 1998 - Last Amended: 6 May 1998 by Roger Clarke - Site Last Verified: 15 February 2009