[1816] in cryptography@c2.net mail archive


States of Identity

daemon@ATHENA.MIT.EDU (Robert Hettinga)
Tue Nov 11 13:59:28 1997

Date: Sun, 9 Nov 1997 22:35:50 -0500
To: cryptography@c2.net
From: Robert Hettinga <rah@shipwright.com>


--- begin forwarded text


MIME-Version: 1.0
Date:         Sun, 9 Nov 1997 18:31:46 -0500
Reply-To: Digital Signature discussion <DIGSIG@VM.TEMPLE.EDU>
Sender: Digital Signature discussion <DIGSIG@VM.TEMPLE.EDU>
From: Daniel Greenwood <dan@CIVICS.COM>
Subject:      States of Identity
Comments: cc: "dan.greenwood@state.ma.us" <dan.greenwood@state.ma.us>
To: DIGSIG@VM.TEMPLE.EDU

Since this is a long post, I have *labeled* the paragraphs so you can
skip around if you want to (if you read this - I would appreciate
reactions or comments).

*Texas Posts New Digital Signature Regulation (it is good)*

The state of Texas has just posted their reg.s for use of "digital
signatures" with state and local government.  The Texas legislature was
sufficiently enlightened and flexible to permit any number of
technologies, provided their department of Information Systems approved
the technology for use by or with the state.  Similar to California,
Texas has begun with private key/hash (with or without certificates) and
Signature Dynamics.  Certificate authorities must be on an approved list
by the department to be used by a state government entity (they require
a SAS 70 and some other things for CA quality assurance).  Texas has
been a national leader in the public/private effort to draft (or
leverage existing) CA accreditation criteria and to engage in a project
to rate CAs through a private sector voluntary method that states and
other jurisdictions can rely on (rather than all of us states creating
approved lists or - worse - attempting to license).

*Reg. Contemplates Cert. That Shows Ongoing "Control" of Private Key*

One interesting thing I noticed while scanning the PKI section of the reg.s
is that a certificate may be used "to certify that [the signer] controls
the key pair used to create the signature."  This is different from the
usual regulatory expectation that the certificate merely be issued in
the first instance to the correct person.  Here the purpose seems to be
that the certificate constitutes some kind of warranty that the signer
(presumably one who has already signed) controls (present tense) the key
used to sign.  I think this would be a very useful purpose of a cert.  I
wonder if the Texas regulators envision that this warranty is backed up
by some contractual arrangement with the signer by the CA or if they
have some other method in mind?

*Reg. Also Contemplates "Role-Based Key" (also good)*

Another very welcome section of the reg. defines a "Role-based key" as
"a key pair issued to a person to use when acting in a particular
business or organizational capacity."  I like this because it signals
one of the first legal recognitions of the real ways in which key pairs
will probably be used in business organizations.  It seems increasingly
obvious to me that the original concept behind X.509 "identity"
certificates - that they would somehow clearly point to a particular
physical body - is neither particularly useful for most commercial,
government, educational or other business contexts nor would such a
certificate be welcome in many instances for privacy, cost and technical
reasons.

*Authentication and Information Hygiene in a Digital World*

On the privacy issue alone, it is not an overstatement that serious
concerns should exist about enabling a wide-spread system that allows or
encourages a range of otherwise disparate activities to be traceable to
a particular citizen who can then have a virtual profile or dossier
compiled against her with relative ease by any number of groups.
Imagine the fun both government and private interests could have . . .
Even without such certificates, the coming onslaught of digital
information comprising so many aspects of central information to our
lives will almost certainly require more stringent and better tailored
Fair Information Practices Acts and other methods to assure information
hygiene.

*What's in a Name: Why Not Look to "Role" and Other Contexts?*

While the Texas reg. speaks to "roles" it seems to me that we are
beginning an analytical and practical process that will end up with
"authentication" not of the fact that we are "John Qwert of Boston" (a
fact that is useless, and even unwelcome, in most cases) but rather with
a sufficiently reliable (read: based on practices that are good enough
for the transaction and are verifiable) authentication that a network
persona (a natural person, a group, a network device, a software agent,
etc.) can have any or all of the following attributed to it:
authorities, roles, responsibilities, rights, a physical location for
purposes of legal service or jurisdiction, corporate powers, various
shades of agency, characteristics or traits, and so on.

*The Mosaic of Identity*

Chas spoke of pseudonyms in a recent post.  That would certainly be one
valid use of a non-physical-body ID.  It seems to me that the more
common and useful practices will be more akin to legitimate aliases that
mirror the existing mosaic of our current identities.  We are known by
our account numbers, job titles, security clearances, family nick-names,
professional moniker, and so on.  I think it is no accident that society
has come to use such naming conventions.  While information technology
does make possible global or very wide-spread multi-system naming
conventions, I no longer think it is wise to expect or desire such an
outcome in the foreseeable future.  Rather, it seems more realistic and
useful to work toward identification criteria that relate to the more
specific contexts in which the certificates are designed to be used.
These closed or semi-closed (inter-connected) systems may, in fact, be
easier to scale up precisely because the certificate would contain
information that is important and relevant to some context.

*Sally Who?*

I frankly don't need to know that a given person is "Sally Jones of
Springfield" - but I may want to know, just by looking at the shorthand
in a certificate field, that a transmission has arrived from one who
occupies the role of a member of a trade delegation to my state or who
has the affiliation of "friend" of one of my friends.

*The Unique Value of State and Local Government in a Digital World*

It has been said that all politics is local - perhaps all identity is
local as well.  State governments, to the extent we engage in electronic
commerce as business organizations, have a legitimate and pressing need
to use the most efficient practices in naming conventions.  It may be
that geographic and other local information types are more easily
available for use and verification between state and local governments
and our constituencies.  More than one voice of the digerati has
condemned the local nature of state government as particularly unsuited
for survival in the multi-jurisdictional world of electronic commerce.
Perhaps the very factor that has prompted some quarters of the Digital
Commentocracy to characterize state governments as obsolete local
road-blocks to electronic authentication may in fact turn out to be the
finest and most valuable government contribution to truly useful
authentication regimes.  While the maxim "the less government the
better" still holds true - it can be assumed that state and local
governments are not going to just dissolve in the near future.  Since we
are going to be here anyway - we might just be able to leverage our data
and presence to enhance market-based solutions to role or mosaic-based
network identity (where is this organization incorporated?  Where is
this person registered to vote?  Where does this person have a license
to practice her trade? What activities did this non-profit get a state
grant to conduct? etc.).  Such information will be, in my opinion,
exactly the types of facts that a state government would need to know
anyway in order to conduct the types of transactions online that would
begin to save money and enhance service quality.  Perhaps this type of
"local" data that can be combined in ways to create truly meaningful
mosaics of identity will be an important contribution to enabling
electronic authentication that markets would want to use.  This is
probably another example of a situation where parts of the
infrastructure are best outsourced to private market players and other
parts (including consented access to selected government databases or
other government issued but non-restricted multi-use authentication of
specific facts - like licenses, permits, titles, etc.) are best kept
with the government where they currently exist.

*Finally - the URL for the Texas Rule and Statute*

The URL for the new Texas reg. is:
http://www.state.tx.us/EC/dig-sig-rule.htm

The URL for the Texas Statute is:
http://www.capitol.state.tx.us/cgi-bin/tlo/textframe.cmd?TYPE=B&LEG=75&SESS=R&CHAMBER=H&BILLTYPE=B&BILLSUFFIX=00984&VERSION=5


Daniel Greenwood
Office: www.state.ma.us/itd/legal
Home: www.tiac.net/biz/danielg

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>