
Why Do We Need PKI? Authentication Re-visited

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Review Draft of 28 January 2002

Prepared for submission to the 1st Annual PKI Research Workshop, at NIST, Gaithersburg MD, April 24-25, 2002

© Xamax Consultancy Pty Ltd, 2002

This document is at http://www.rogerclarke.com/EC/PKIRW02.html


Abstract

Deficiencies in the X.509 certificate standard, and in conventional PKI based on it, are now well-understood. But the lust for more effective certificate-formats, procedures and infrastructure will not be satisfied unless designers are working from much clearer requirements statements.

What are the nails for which public key technologies are supposed to be the hammer? This paper examines the kinds of assertions that e-business needs to be authenticated, and briefly evaluates conventional and alternative PKI against those requirements. It concludes that the holy grail isn't what it used to be, and challenges developers to get clear what it is that they're trying to achieve.




1. Introduction

In the beginning was public key technology - or at least, a web-century after the seminal article, that's how it seems. Digital signatures were grasped by purveyors of the many other dot.com myths as the means whereby trust is to be achieved in e-commerce and other applications of the Internet. Public key infrastructure (PKI) became a necessity.

Digital signatures and PKI have not achieved the breakthrough. It is increasingly apparent what's wrong with conventional approaches. This paper is motivated by the belief that, in order to re-invent PKI, it's necessary to go back to the beginning and redefine the requirements.

One pervasive myth needs to be debunked at the outset. The term 'authentication' does not necessarily have anything to do with identity. Authentication refers to a process whereby a degree of confidence is established in an assertion. The assertion might relate to identity, but in many cases it does not.

The primary purpose of this paper is to present a taxonomy of assertions whose authentication is relevant to e-business. By e-business is meant here the application of telecommunications-based tools to the business of corporations and government agencies. It therefore encompasses all segments of activity, including B2C, B2B, e-government and electronic services delivery.

The categories of assertion that are considered relate to human identities, human entities, organisational identities and entities, artefact identities and entities, key attributes of each of them, and value. The argument involves some analysis and terminology that are at least novel, and possibly original. Terms are shown in bold-face type at the point in the text where they are defined.

Subsequent sections consider the extent to which, for all their inadequacies, X.509 certificates and the conventional PKI that is associated with them may have something to offer. Alternative certificate-formats and approaches to PKI are identified that may address the needs of e-business more effectively. This paper is a short-form presentation of analysis undertaken in two much more detailed papers, Clarke (2001b) and Clarke (2001c). Those two papers provide references to a substantial underlying literature.


2. Assertions Important to e-Business

A fundamental problem with PKI is that most of the research underlying it has been applied in orientation, rather than instrumentalist. The concept was created by Diffie & Hellman (1976), as a response to a perceived need, and hence the origins were instrumentalist. Since Diffie & Hellman, however, the vast majority of the work undertaken has comprised attempts to apply the tool. This paper is motivated by the conviction that inadequacies in PKI arise from a failure to refine the original conception. These inadequacies can only be overcome by articulating the needs of e-business, and then conceiving PKI that will address those needs.

The caption to Steiner's 1993 cartoon, "on the Internet, nobody knows you're a dog", is usually interpreted to mean that a serious problem arises from the lack of identity authentication. There are some circumstances in which this is a problem. But in most circumstances, people can get on with e-business perfectly well, with or without reliable knowledge of the other parties' identities. This is very fortunate, because as the following sub-section will argue, an assertion of human identity is very challenging to authenticate.


2.1 Human Entities and Identities

The notion of human identity has been inadequately addressed in the literature. The term 'human identity' is used in this paper to refer to a particular presentation of a human entity. Individual people perform various social, economic and political functions, in roles such as citizens, consumers, sole traders, and members of partnerships and unincorporated associations. A person may present the same persona for every role, or different personae for each of them, or a few personae each of which is used in multiple contexts.

It is useful to have a term available that encompasses both identities and the entities that underlie them. In this paper, the term '(id)entity' is used for that purpose.

Organisations construct models of relevant (id)entities, by capturing data into data structures within information systems. In particular:

Within an organisation's information systems, a real-world (id)entity is operationalised as some sub-set of the data that describes it, and that differentiates it from other, similar identities. For example, a car may be differentiated by its accessories, its paint-scheme, a particular pattern of dents and scratches, a particular grinding sound when changing gears, and its peculiar cornering characteristics. More formally, an (id)entifier is one or more data-items concerning an (id)entity that are sufficient to distinguish it from other instances of its particular class, and that are used to signify that (id)entity.

The preceding paragraph defined both an identifier for an identity, and a new term, 'entifier', which is the signifier for an entity. The distinction is important: a name or code may be an identifier, but not an entifier. An entifier, because it must distinguish a physical person from other individuals, is of necessity some form of biometric.

(Id)entification is the process whereby data is associated with a particular (id)entity. It is performed through the acquisition of data that constitutes an (id)entifier for that (id)entity. An organisation's purpose in performing an (id)entification process is to establish that an (id)entity presenting to it is either:

The process of (id)entification is a search for the one among many data records that corresponds to the presenting (id)entity. For a comprehensive treatment of human identity in information systems, see Clarke (1994).

One further refinement of existing language is needed, in order to reflect the realities confronting e-business. The relationship between an identity and an underlying entity may or may not be known to a record-keeper, and indeed may or may not be knowable. The term 'nym' is used here to refer to one or more data-items relating to an identity that are sufficient to distinguish it from other instances of its particular class, but without enabling association with a specific entity. That the concept is commonly recognised is evidenced by the wide range of synonyms, including also-known-as, aka, alias, avatar, handle, nickname, nick, nom de guerre, nom de plume, moniker, persona, personality, profile, pseudonym, pseudo-identifier, sobriquet, and stage-name. The term 'nym' is to be preferred, because it is gaining currency, it is derived from a relevant Greek root, and it carries little semantic baggage with it.

A nym enables an individual to act without disclosing which entity they are. There are two important cases. Anonymity is a characteristic of data, such that it cannot be associated with a particular human entity, either from the data itself, or by combining the transaction with other data. Pseudonymity is a characteristic of data, such that it cannot, in the normal course of events, be associated with a particular human entity. In most cases, this is achieved through the use of some form of pseudo-identifier, and the index that relates the identifier to the underlying entity is unavailable, and effectively protected. For a comprehensive treatment, see Clarke (1999).

It is proposed that meaningful discussions about the authentication of human (id)entity are not possible unless a model is available of at least the richness depicted in Exhibit 1.

Exhibit 1: A Model of Human (Id)entity

Some key aspects of this model that differentiate it from the conventional wisdom are that:

Identity authentication is the process whereby an organisation establishes its degree of confidence in an assertion that a party is who they purport to be. More laboriously expressed, it is a process designed to cross-check against additional evidence the identity signified by the identifier acquired during the identification process. An item of evidence is usefully referred to as an 'authenticator' or a 'credential'. Authenticators include additional identifiers, knowledge and tokens.

The term entity authentication, on the other hand, refers to the process whereby an organisation establishes its degree of confidence in an assertion that a party is a specific instance of the species homo sapiens. The entification of a human entity depends on the gathering of an entifier of the person, i.e. a biometric. The authentication process involves a cross-check of the entifier against a reference measure.

The quality of (id)entification and of the authentication of (id)entity depends on many factors, and there is a large variety of sources of false inclusions and false exclusions. Because of the inevitability of quality shortfalls, a system design needs to carefully consider the following:

This sub-section has demonstrated that the authentication of human identity and entity is far more complex and challenging than it is assumed to be by the purveyors of conventional PKI, and is in most circumstances probably a forlorn hope. The next sub-section considers, even where it is feasible, whether it is sufficient to enable e-business.


2.2 Organisational Entities and Identities

A huge amount of e-business involves organisations, including business enterprises, government agencies and associations / not for profits. An assertion that a message has originated from, or been sent to, a particular organisation, would appear to be a very important category of assertion to authenticate.

The concept of 'organisation' requires consideration. In order to mobilise resources, the concept of 'incorporation' was created. The original 'bodies corporate' took the form of 'joint stock companies'. The idea has been applied in many other circumstances as well, in order to create entities distinct from the people who make them up.

Identifiers of corporations include their names, and the codes assigned to them by registration bodies. On the other hand, corporations evidence many identities, such as business units, business names and brands, which may not be distinguished for the relevant legal purposes, and which may or may not have reliable identifiers.

Government agencies are even more problematical. Many cannot be formally distinguished from the 'body politic' of which they are a part, and many that do have an independent legal existence have uncertain names, and no registration codes.

Moreover, there has to be doubt that the concept of an entifier for an organisation has any meaning. Organisations have no physical existence, and are merely legal fictions: there can be no equivalent to a human biometric. The authentication of an assertion of organisational entity is therefore seriously problematical, in both the worlds of conventional business and of e-business.

The authentication of an assertion of organisational identity is also difficult. Commonly-used authenticators include the affixing of a company seal, letterhead, and callback to a telephone-number acquired from another source. These provide only a modest degree of assurance. Equivalents in the electronic world are similarly difficult to contrive. To seriously suggest that an entity that has no real-world existence can possess a private key, and can invoke it in order to sign messages, is to drift towards a dangerous fantasy-land.

These two sub-sections have demonstrated that assertions that relate to both humans and organisations are very challenging to authenticate. This suggests that it might be an appropriate time to examine other e-business actors, and establish whether assertions relating to them are more readily authenticated.


2.3 Artefact Entities and Identities

The term artefact is used in this paper to refer to devices such as workstations, smart cards and robots, together with software agents. These exhibit more or less intelligent behaviour, with more or less independence from individuals, and are perhaps gradually tending towards sentience (Clarke 1993-94). Artefacts are substantially involved in e-business, and there are many circumstances in which it is appropriate to check the likelihood that the artefact that originated a message is as it appears to be, or is asserted to be.

Entifiers for hardware artefacts include processor-ids, and network interface card (NIC) ids. They are somewhat more challenging to define for software artefacts. Artefact identities, on the other hand, can be signified using smartcard segment-IDs, process-ids such as ports and web-server ids, and web-page URLs and email-addresses. An IP-address says nothing about which artefact was using it at the time, and is therefore at best a proxy for an artefact entifier.

Assertions about artefacts appear to be more amenable to authentication than assertions about people and about organisations; and the confidence arising from authentication of artefacts can make valuable contributions to trust in e-business. But before lowering our sights too far, we need to consider what other categories of assertion are relevant.


2.4 Attributes, Agency and Location

(Id)entities have attributes. Attributes of human entities relevant to e-business include age-range, association membership, and educational or other qualification. Organisations have attributes such as registered health care provider, and pre-qualified tenderer. Artefacts may have a particular configuration, or a particular capability such as being able to display or print data.

Assertions of the possession of an attribute can be subjected to attribute authentication through the inspection of a credential that attests to that (id)entity possessing that attribute. Many circumstances exist in which the credential identifies the person, but this is not actually necessary. All that is needed is some means whereby the credential is reliably associated with the (id)entity presenting the credential. For example, a series of challenges for information may be sufficient to establish that a person qualifies for entry to premises, without even knowing their (id)entity let alone authenticating it.

Moreover, even where the process of attribute authentication involves the provision of an (id)entifier, there may be no need to record anything more than the fact that authentication was performed. In this way, the transaction ceases to be identified. An example of this is the inspection of so-called 'photo-id', without recording the (id)entifier displayed on the card. Smartcard-based schemes can be readily devised such that identity and even entity authentication can be performed, but without yielding up the (id)entifier for recording in an information system.

In addition to the kinds of attributes discussed above, two particular sub-categories are of great significance in e-business. One is the legal authority to act on behalf of another (id)entity, generally referred to as agency. The representative is referred to as an agent, and the party being represented is called the principal.

Humans appoint agents, with various terms being used in various contexts, such as attorney. Organisations lack corporeal form, and therefore have no ability to act in either the physical or the electronic worlds. In order to enter into contracts, place orders, receive deliveries, instigate payments, accept orders, and initiate deliveries, they have no option but to delegate to agents. In many cases, organisations delegate to other organisations, but, eventually, for any action to be taken, the last organisation in the chain has to depend on a human, or possibly an artefact.

In this context, as in many other instances discussed so far, an assertion about agency may or may not include an assertion about (id)entity, either of the agent or the principal. For example, many auctions permit nymous offerors and/or nymous bidders. Credentials and processes designed to assist in authentication need to support identity-less agency relationships.

When conducting agency authentication, care is needed to ensure that the relationship between principal and agent exists at the relevant time, that it encompasses the kind of transaction being conducted, and that it does not exceed any limitations on the agent's power to act on behalf of the principal, and to bind the principal in contract. A further complication is that an agent may act for multiple principals, and a principal may be represented by multiple agents. This results in multiple credentials, and scope for conflicts of interest to arise that need to be managed.

Analogous arrangements have been envisaged for the electronic context, applying cryptographic techniques. One approach that might be used is to authenticate the (id)entity of the individual and/or body corporate (as discussed in the preceding sub-sections), and then check some kind of register of (id)entities authorised to act on behalf of the relevant body. The register might even be implemented in distributed fashion, by setting an indicator within the person's own digital signature chip-card.

Another approach is direct authentication of an authorisation. For example, a body corporate's private key could be used to digitally sign a particular kind of instrument, which a recipient could confirm (using the body corporate's widely available public key). This would be a more direct mechanism, and would avoid unnecessary declaration and authentication of the (id)entity of the agent. It would, on the other hand, involve risk of appropriation or theft of what amounts to a bearer instrument.
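The checks listed above for agency authentication, applied to a directly signed authorisation of the kind just described, as an added example that is not from the paper. The instrument format, the field names and the `Issue`/`Authenticate` functions are assumptions, and Ed25519 stands in for whichever signature scheme the principal uses.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Instrument is a constructed, hypothetical format. It names no agent (bearer).
type Instrument struct {
	Principal           string   // name or nym of the principal
	Kinds               []string // transaction kinds the agent may conduct
	Limit               int64    // ceiling in cents on any one commitment
	NotBefore, NotAfter time.Time
}

// Signed keeps the exact bytes the principal signed, not a re-encoding.
type Signed struct {
	Body, Sig []byte
}

type Transaction struct {
	Kind   string
	Amount int64 // cents
	At     time.Time
}

var (
	ErrSignature = errors.New("instrument not signed by the principal's key")
	ErrTime      = errors.New("agency not in force at the time of the transaction")
	ErrKind      = errors.New("transaction kind outside the agent's authority")
	ErrLimit     = errors.New("amount exceeds the agent's power to bind the principal")
)

// Issue signs the instrument with the principal's private key.
func Issue(priv ed25519.PrivateKey, ins Instrument) (Signed, error) {
	body, err := json.Marshal(ins)
	if err != nil {
		return Signed{}, fmt.Errorf("encode instrument: %w", err)
	}
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// Authenticate runs the relying party's checks; pub must come from a channel it already trusts.
func Authenticate(pub ed25519.PublicKey, s Signed, tx Transaction) error {
	if !ed25519.Verify(pub, s.Body, s.Sig) {
		return ErrSignature
	}
	var ins Instrument
	if err := json.Unmarshal(s.Body, &ins); err != nil {
		return fmt.Errorf("decode instrument: %w", err)
	}
	if tx.At.Before(ins.NotBefore) || tx.At.After(ins.NotAfter) {
		return ErrTime // the relationship must exist at the relevant time
	}
	allowed := false
	for _, k := range ins.Kinds {
		allowed = allowed || k == tx.Kind
	}
	if !allowed {
		return ErrKind // it must encompass this kind of transaction
	}
	if tx.Amount > ins.Limit {
		return ErrLimit // it must not exceed the agent's limits
	}
	return nil
}

// DemoResults checks constructed transactions; "tampered" raises the limit without re-signing.
func DemoResults() (map[string]error, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	start := time.Date(2002, 1, 1, 0, 0, 0, 0, time.UTC)
	s, err := Issue(priv, Instrument{Principal: "Example Pty Ltd", Kinds: []string{"place-order"},
		Limit: 500000, NotBefore: start, NotAfter: start.AddDate(0, 6, 0)})
	if err != nil {
		return nil, err
	}
	at := start.AddDate(0, 1, 0)
	raised := strings.Replace(string(s.Body), `"Limit":500000`, `"Limit":900000`, 1)
	forged := Signed{Body: []byte(raised), Sig: s.Sig}
	return map[string]error{
		"valid":      Authenticate(pub, s, Transaction{"place-order", 120000, at}),
		"expired":    Authenticate(pub, s, Transaction{"place-order", 120000, start.AddDate(1, 0, 0)}),
		"wrong kind": Authenticate(pub, s, Transaction{"instigate-payment", 120000, at}),
		"over limit": Authenticate(pub, s, Transaction{"place-order", 750000, at}),
		"tampered":   Authenticate(pub, forged, Transaction{"place-order", 750000, at}),
	}, nil
}

func main() {
	results, err := DemoResults()
	fmt.Println(results, err)
}
```

`Authenticate` takes no presenter argument, so any holder of the instrument is accepted, which is the bearer-instrument risk noted above.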

Another important kind of attribute is location. An assertion might be of the form 'the (id)entity that originated this message did so from, or in respect of, a particular location, within some tolerance range'. Location authentication might involve location and tracking technologies such as the triangulation of cell-phone signals or the use of global positioning systems (GPS).

Location authentication has potential applicability to a variety of contexts, such as distributed order fulfilment, mobile commerce (e.g. fleet management, motor vehicle hire, driver assistance, road-tolling, breakdown services, and insurance), and legal constraints (e.g. censorship and on-line gambling). The justification advanced for imposing tracking capabilities on cellular phones has been search-and-rescue. As is the case with all other kinds of attributes, mechanisms are needed that support location authentication with and without (id)entity.


2.5 Value

Every instance of authentication considered above as a basis for trust in e-business is challenging, some of them extremely so. This makes it especially important that a further relevant form not be overlooked: value authentication.

A party commonly seeks assurance that the consideration offered by another delivers the value it purports to. In most cases, 'value' is best understood in terms of fungibility or convertibility to cash; but value may also be represented by vouchers such as certificates and tickets; and value can be imputed by the recipient of goods, services or information.

Examples of value authentication include the checking of a banknote for forgery-resistant features like metal wires or holograms, and the seeking of pre-authorisation of credit-card payments. In the electronic context, they include messages stating that funds have been transferred from the sender's account to an account nominated by the receiver; and messages that contain the electronic equivalent of a coin of a particular value in a particular currency.

A further important mechanism is value escrow. This involves a third party or agent acting as a waystation, releasing value to each principal only once all parties have fulfilled their obligations. The interpolation of such an intermediary brings advantages; but it also incurs additional costs, and creates additional risks, such as malperformance, fraud and insolvency of the escrow agent.

In a great deal of conventional commerce, value authentication without identity is a primary means whereby trust is achieved. In e-commerce, however, an aberration has arisen: in its few short years to date, the sole practical payment mechanism has been through the transmission of credit card details, which carry an identifier of the cardholder. Payment mechanisms that do not have an identifier associated with them have been conceived, designed, prototyped, implemented, and trialled, but have not yet been widely adopted. The deployment of value authentication without disclosure of identity represents a real opportunity to unlock the potential of e-commerce.

The model presented in this section has identified 15 kinds of assertions whose authentication is relevant to e-business. They are summarised in Appendix 1. The following section considers public key technology, as a prelude to evaluating conventional and alternative approaches to applying the technology to support authentication of the various assertion-types.


3. Public Key Infrastructure

Public key technologies assure a message-recipient that the artefact that originated the message had access to a particular private key. Authentication of the message's origin is unreliable, however, unless a range of risks is satisfactorily addressed. These include the possibilities that the private key might be available to other artefacts as well, that the signature-generation process might be able to be invoked by other artefacts as well, and that the public key used to check the signature might have been provided by an imposter.

Managing those risks requires infrastructure to support the bare technology. In particular, the key-pair needs to be associated with something in the real world. (The term commonly used in the computer security literature is the 'binding' of the key to something in the real world - and the something is almost always presumed to be an identity. But the term 'binding' implies a much tighter form of association than is actually feasible, and is therefore avoided in this paper).

Various infrastructure designs and processes have been proposed, mostly based on directory entries and/or signed copies of directory entries conventionally referred to as 'digital certificates'. Depending on the degree of control exercised over artefact manufacture, the network, and connections to it, moderate degrees of confidence can be established in relation to 2 of the 15 categories of assertion: those relating to artefact (id)entity.

Authentication of the other 13 categories of assertion cannot be satisfied by public key technology alone, because they involve entities that are outside the networked world. The association of the key-pair with something in the real world needs to be pre-authenticated.

The term 'public key infrastructure' (PKI) is used in this paper to refer to the comprehensive set of measures needed to enable public key technologies to support the authentication of assertions. Appendix 2 summarises the elements that make up such a PKI. Business and public policy requirements are examined in greater detail in Clarke (2001c).

Fundamental requirements are that the PKI must:


4. Is There a Role for Conventional, X.509-Based PKI?

The vast majority of designs that have been proposed to date, and that have been implemented to date, depend upon digital certificates of a particular format, specified in the CCITT X.509 standard. This was designed in a very different context from the open public Internet that has emerged since the mid-1990s; but X.509 was the hammer that came to hand when the nail was discovered. X.509 primarily defines a certificate-format, but implies some requirements of the infrastructure to support their use.

As a product of a lengthy consultative process, the X.509 standard embodies very substantial flexibility and even looseness. See Gutmann (2000). Reflecting its origins as an element of the X.500 family of directory standards, it is heavily oriented towards identity, to the extent that attribute certificates are tied to an identity. Fixities of definition present serious challenges to the design of anonymity and pseudonymity, and even to the availability of multiple keys and certificates for members of the public.

Conventional infrastructure built to apply the X.509 standard depends on organisations called certificate authorities (CAs) that provide cryptographically secure 'certification' that offers (generally spurious) assurance about the association between the public key and something in the real world. CAs in turn depend on so-called Registration Authorities (RAs) to perform pre-authentication of that association, by means of procedures conducted in the real world, such as inspection of documents and checking of the possession of the private key. For a comprehensive treatment of the inadequacies of conventional PKI, see Clarke (2001a), and several other references provided in that paper.

In an attempt to stimulate uptake of conventional PKI, information technology providers have productised CA and RA services. This has had the effect of imposing a fixed form of the providers' limited vision on all potential users: instead of application-specific choices in relation to the type of assertion to be authenticated, the processes to be used, and the strength of authentication to be achieved, CAs have offered a single take-it-or-leave-it approach. It has achieved very slow take-up.

In closed networks, tight control may be able to be exercised over artefacts, and conventional PKI may be effective for authenticating artefact (id)entity and perhaps also artefact attributes. It may be feasible to apply such techniques to artefacts in open networks. It is not clear, however, that certificates and CAs offer a great deal more than a simpler scheme based on private keys embedded within devices at the time of manufacture, and relying on directory-entries rather than meaningless certificates.

In summary, it appears that the X.509v3 standard supports authentication of artefact (id)entities, yet is marketed primarily as a means of authentication of human identities. X.509 certificates essentially preclude anonymity. They might conceivably be used to support pseudonymity, but only if the policies, procedures and practices within RAs and CAs are designed to do so, and if technical, organisational and legal protections exist for the records that relate the name in the certificate to the (id)entity of the 'subject'.

Hence conventional X.509-based PKI offer inferior solutions, and for only between 3 and 4 of the 15 needs identified earlier in this paper, namely:

Their very substantial bias towards identification, and away from anonymity and pseudonymity, works in favour of surveillance and privacy-invasiveness, and against public acceptability. Applications of PKI that inherit these inadequacies include SSL/TLS, PKIX, S/MIME and W3C XML-Signature (aka XMLDSig). A recent application, so-called 'Qualified Certificates' (RFC3039, 2001), specifies the kind of electronic national ID mechanism of which totalitarian dreams and nightmares are made.

The deficiencies in X.509 are intrinsic to the standard. X.509 derived from the simplistic and threatening X.500 notion of a centralised world directory. It was an inappropriate foundation for PKI to support e-business across the open public Internet. The prospect of further revisions to X.509 to overcome its deficiencies appears unlikely. It is therefore vital that serious consideration be given to other approaches.


5. Alternative Public Key Technologies

This section considers alternative approaches to the use of public key technologies for authentication in the e-business context. For example, certificate formats other than X.509 can be used as a basis for a PKI. Several exist that, unlike X.509, were designed for the specific purpose. See Gerck (1997-2000) and Ellison (2000). These include:

Another approach is to move the focus away from certificates, and avoid unjustified assumptions that are inherent in conventional PKI. PGP, SPKI/SDSI and Brandsian technologies each move in that direction. Additional technologies that avoid certificates include:

AADS is an example of a scheme that depends on independent or 'out of band' pre-authentication of the association between key-pair and an (id)entity. This may be achieved through the existence of a prior relationship between the parties (or an 'account' held by one with the other), or, more generally, by leveraging off an existing community of interest. It is, however, primarily targeted at the authentication of the identity of humans and organisations, and attributes with identity, and possibly agency with identity, for a total of perhaps 4 of the 15 categories that this paper concluded were relevant to e-business.

PGP uses certificates, but enables anyone to issue a certificate. It thereby places the onus on the relying party to make its own decisions as to the level of confidence it places in the key-pair actually being associated with whatever real-world thing it purports to. (This 'web of trust' notion has drifted back into fashion in the X.509 world under the alternative rubric of 'mesh architecture'). PGP is capable of being applied so as to support perhaps 7 of the 15 categories of authentication, including identity, attribute and agency.

The SPKI/SDSI and Blazian approaches regard the association between key-pair and identity as a separate matter unaddressed by public key technology. Blazian trust management, in common with all authorisation technologies, focusses primarily on privileges and restrictions. Attributes are associated with public keys, not with (id)entities. It would appear capable of being applied to perhaps as many as 10 of the 15 categories.

SPKI/SDSI uses local rather than global names, and hence supports both pseudonyms and multiple identities per entity. It appears to be applicable to about 10 of the categories of assertion that require authentication, with the major exceptions of value authentication and probably entity authentication.

The most revolutionary and complete alternative is Brandsian Private Credentials. These use a refined form of cryptography and certificate, such that privacy is protected without sacrificing security. The validity of such certificates and their contents can be checked, but the identity of the certificate-holder cannot be extracted, and different actions by the same person cannot be linked. Certificate holders have control over what information is disclosed, and to whom. Brandsian private credentials are fundamentally anonymous, but implementations can be devised to achieve pseudonymity or identification. They are claimed by their originator to encompass conventional X.509v3 digital certificates as a special case. This approach appears capable of being applied to virtually all of the 15 categories, including value authentication, although (in common with every approach except RFC3039 'Qualified Certificates') it is not targeted at entity authentication.


6. Conclusions

Public key technology has some inherent problems in relation to:

Irrespective of the design of the PKI and of applications that use it, a certificate provides no assurance about whether:

The challenge is to deliver PKI that provides sufficiently convincing evidence to increase confidence in the categories of assertion identified earlier, enables a risk-managed approach to the inherent weaknesses of public key technology, and avoids creating any additional weaknesses.

Conventional X.509-based PKI embodies a large number of additional problems, and in any case addresses only 3 or 4 of the 15 categories of authentication actually needed to support e-business.

Alternative approaches exist, and have already been deployed in the field, which offer more effective authentication than does conventional PKI based on X.509 certificates. Of these, SPKI/SDSI and Brandsian Private Credentials offer particular promise as a basis for PKI that will satisfy the many conflicting interests of the many stakeholders in e-business. There is an urgent need for more, and more substantial, implementations of the alternative approaches.


References

Blaze M. (1999) 'Using the KeyNote Trust Management System', November 1999, at http://www.crypto.com/trustmgt/kn.html

Brands S.A. (2000) 'Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy' MIT Press, 2000

Clarke R. (1993-94) 'Asimov's Laws of Robotics: Implications for Information Technology' IEEE Computer 26,12 (December 1993) pp.53-61 and 27,1 (January 1994), pp.57-66, at http://www.rogerclarke.com/SOS/Asimov.html

Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.rogerclarke.com/DV/HumanID.html

Clarke R. (1999) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conf., Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html

Clarke R. (2001a) 'The Fundamental Inadequacies of Conventional Public Key Infrastructure' Proc. Conf. ECIS'2001, Bled, Slovenia, 27-29 June 2001, at http://www.rogerclarke.com/II/ECIS2001.html

Clarke R. (2001b) 'Authentication: A Sufficiently Rich Model to Enable e-Business', December 2001, at http://www.rogerclarke.com/EC/AuthModel.html

Clarke R. (2001c) 'The Re-Invention of Public Key Infrastructure', December 2001, at http://www.rogerclarke.com/EC/PKIReinv.html.html

Diffie W. & Hellman M. (1976) 'New directions in cryptography' IEEE Transactions on Information Theory IT-22 (November 1976) 644-654

Ellison C. (2000) 'SPKI/SDSI and the Web of Trust' September 2000, at http://world.std.com/~cme/html/web.html

Ellison C., Frantz B., Lampson B., Rivest R., Thomas B. & Ylonen T. (1999) 'Simple Public Key Certificate' The Internet Society, July 1999, at http://world.std.com/~cme/spki.txt

Gerck E. (1997-2000) 'Overview of Certification Systems: X.509, CA, PGP and SKIP', First published April 17, 1997, revisions to 18 July 2000, at http://www.mcg.org.br/certover.pdf

Gutmann P. (2000) 'X.509 Style Guide', at http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

RFC3039 (2001) 'Internet X.509 Public Key Infrastructure: Qualified Certificates Profile' Internet Engineering Task Force of The Internet Society, 2001, at ftp://ftp.isi.edu/in-notes/rfc3039.txt

Rivest R.L. & Lampson B. (1996) 'SDSI - A Simple Distributed Security Infrastructure', 15 September 1996, at http://theory.lcs.mit.edu/~rivest/sdsi10.html

RSA (1993) 'PKCS #6 - Extended-Certificate Syntax Standard' RSA Security Inc., November 1993, at http://www.rsasecurity.com/rsalabs/pkcs/pkcs-6/index.html

Wang Y. (1998) 'SPKI' December 1998, at http://www.hut.fi/~yuwang/publications/SPKI/SPKI.html

Wheeler L. (1998) 'Account Authority Digital Signature Model (AADS)', at http://www.garlic.com/~lynn/aadsover.htm

Wheeler A. & Wheeler L. (1998) 'PKI Account Authority Digital Signature Infrastructure', November 1998, at http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt

Zimmermann P.R. (1995) 'PGP 5.0 User's Guide' MIT Press, 1995, at http://mitpress.mit.edu/book-home.tcl?isbn=0262740176


Appendix 1: 15 Kinds of Assertions

The model of authentication for e-business presented in this paper distinguishes 15 kinds of assertions:


Appendix 2: Elements of a PKI to Support Authentication


Created: 20 January 2002

Last Amended: 28 January 2002


