| Professor Gene 'Spaf' Spafford | ||
|---|---|---|
|
EXCLUSIVE INTERVIEW: PART ONE |
||
|
PKIForum.com: What do you see as the trend towards the adoption of PKI versus other technologies? Will it be proprietary or standards-based? And will the question of interoperability be resolved in the near-term?

Spafford: I don't think so. You've asked a complex question here that has many parts to the answer. PKI has been held up as a solution to a number of problems that's probably not going to solve all those problems. PKI poses a number of difficulties for privacy, for organizational control and for liability.

From the privacy standpoint, if you're going to deal with signed certificates, all the things that I'd want to use a certificate for, to prove things about myself -- my citizenship, where I live, my age, my gender, my Social Security number in the U.S., or health ID number in Canada -- those may all be things we want to build into a certificate. But if they're built into the certificate they're available to anyone I'd have to present that to. And that poses a huge threat to privacy. So another approach might be to have multiple certificates, but then how do you manage those? That becomes a headache.

From the standpoint of the technology, managing differences in identification -- there probably are not too many Eugene Spaffords who might go after certificates, but there are a whole lot of Richard Smiths or Edward Jones's out there. How do you tell one from another -- again, without adding a lot of extra information to the certificate -- that now turns it into an instrument of disclosure of personal information that someone may not want to disclose?

Revocation handling is a big problem with certificates because you need to be able to access a revocation list, and as that grows with time it has to be very available, especially for sensitive applications. It's going to get very large, especially if you have centralized servers unless you put very short expiration times on certificates.
But if you put short expiration times on certificates you now have a different kind of load: for generating them. That's going to be a problem.

A third problem is the whole issue of liability. For businesses to really want to accept PKI, they're going to want to have some guarantee from whoever grants the certificates and does the signing that they [the certificate authority] will take responsibility for abuse of the certificates and for guaranteeing the identity of the certificate holder. So far it has -- I have not seen evidence that any of the signature authorities are willing to take on that kind of risk. And so, without that, I think there's some question about the overall general acceptance of PKI in a commercial setting.

The technology solves many problems. I think having organizational PKIs, where you have a small subset of individuals [so] that you don't have the confusion of identity and you don't have to load up the certificates with so much information; you can use it for single sign-ons, you can use it for authentication for company or agency Web sites -- those make sense. That's a good application. But in terms of large-scale PKIs, there are some big hurdles to overcome -- not all of which are technical in nature -- before it's widely accepted.

PKIForum.com: The Canadian government is planning to give every citizen their own certificate -- for interaction with the government -- as a form of official identification. How do you think that will play out?

Spafford: It'll be interesting to see because a lot of what's going to happen there is people losing their certificates or not knowing how to use it. And if there are phone lines or offices -- are they going to be doing it through the post [office]? Let's say the post office. There'll be a lot of people coming in who'll need explanations, who'll need help, they may not have computing equipment that's capable of using [certificates] and I think it's going to cause a tremendous amount of customer assistance, customer need, as well as antagonism by customers.

That's actually a big danger for PKI -- premature deployment. Because if you're not ready to deal with those problems and it generates very bad feelings and bad press, people aren't going to want to try it again later. We've seen that with other kinds of technologies: you put it out before it's really mature and it creates a very bad sense in people's minds and they just don't want to use it.

PKIForum.com: Do you have any examples of premature deployment in the security space?

Spafford: Nothing comes immediately to mind. If I thought about it for a while I might [remember].

PKIForum.com: How do you see security in wireless applications, in the wireless world? What kind of security do you envision being implemented on mobile handsets? Will it be PKI or something else?

Spafford: Right now security is almost non-existent in the wireless realm. And depending on how you define the elements of security, encryption only solves some of them.

Confidentiality? Yes, we can encrypt links. That works. And we can do that with negotiated keystreams, for instance. It can be used with dynamic keystreams. [It] could be done public/private keying -- that's also possible. You could also build in symmetric keys on a one-time basis or on a recharge basis where you bring the phone in and it's reprogrammed. That solves problems.

Integrity of communications? Again, if you encrypt it with the right kind of feedback chaining then you can detect any alterations.

Availability is a problem. Encryption doesn't do anything to help us with availability. Availability to the end system. Because you jam the signals or you create interference and there you go.

It's also the case that you, as a consumer, are not going to want to enter a long keystream into the unit every time you use it. And even if it's on a smart card, you're going to insert the card and leave it. So now we have to worry about theft and loss. From the standpoint of someone else now impersonating you and using those services -- particularly if all your keys are on one card -- that gets particularly messy. Or from the standpoint of "You've lost your card! There go all your keys!" now we have to introduce a whole new either key recovery system or escrow system, which bothers a lot of people because of the potential privacy and impersonation problems.

So again, we're back to the point where encryption is a technology that offers solutions but key management and everything that surrounds it becomes a huge headache.

In Part Two of our exclusive interview, Prof. Spafford discusses:
|
||
|
Copyright © PKIForum.comTM 1999-2003. All Rights Reserved. The PKIForum.com logo, "PKIForum.com", "PKI Forum.com" and "PKI Forum" are trademarks of PKIForum.com and its proprietors. |