[2456] in cryptography@c2.net mail archive
Re: Reply to "ABA" becomes root CA for financial services industry
daemon@ATHENA.MIT.EDU (Rick Smith)
Thu Apr 9 13:59:53 1998
In-Reply-To: <s52b6c1a.008@aba.com>
Date: Thu, 9 Apr 1998 10:07:43 -0500
To: "Kawika Daguio" <Kdaguio@aba.com>, dcsb@ai.mit.edu, cryptography@c2.net,
dbs@philodox.com
From: Rick Smith <rick_smith@securecomputing.com>
Cc: alivings@aba.com, jbyrne@aba.com, tgreco@aba.com

At 12:23 PM -0400 4/8/98, Kawika Daguio wrote:
>I have been championing this idea for 4 years and every day grow more
>convinced of the soundness of the idea and the architecture I have been
>proposing. ....

I've noticed that the longer I work on a project the more convinced I
become of the project's "soundness." However, I suspect that is at least
partially an emotional response driven by the personal investment I've
made. I recognize that I myself am not always an impartial judge of the
soundness of my own work.

> .... We have a
>large team of staff, consultants, and other stakeholders running and
>working on this project that are second to none in the PKI world. I am
>in the best position of anyone, I think, to defend the idea in this
>space, as well as the goodness of the proposed policy and technology
>architecture. Obviously there are a range of perspectives on these
>issues, and we appear doomed to disagree, but I wanted to try to inform
>you about the initiative and thus try to change your mind.

I've played this same game on the Internet (trying to change people's
minds about systems I've worked on) and it's very possible to do, but
only if you're willing to participate in an open dialog on issues.

> [snip] .. I think this is a noble cause,
>worthy of wide support rather than criticism.

In my own experience, this attitude simply perpetuates disagreements
with no hope of resolution. You have to be able to face the criticism
and address it frankly. You build support by discussing people's concerns,
not by discouraging further discussions with a moralistic plea.

>Institutions moving trillions of dollars a day are not interested in
>letting the market, technology, infrastructure, and law develop unguided
>at a snail's pace and at their expense. I believe that, "Serious business
>requires serious security and reliability" and challenge anyone to defend
>the current infrastructure as adequate to the task. Our infrastructure
>will support related infrastructure deployed by others that will permit
>trust to be extended on a basis and on networks that were previously
>infeasible. We want to jumpstart policy driven processes that lead to
>large-scale, global ecommerce and banking.

The current system needs no defense since, as you pointed out, it
supports the transfer of trillions of dollars a day. The status quo
never needs to be defended if it works well enough, which it does.
It's not perfect, but experienced engineers recognize that no system
ever achieves perfection when in real operation. The question is
whether a proposed improvement will make things better, or worse.

Now, perhaps an ABA sponsored PKI will, all by itself, yield dramatic
improvements in the security and effectiveness of electronic banking
communications. I'm skeptical, if only because Big Projects fail
more often than they succeed. I expect that the ABA's PKI, if
it gets off the ground at all, will probably do more good than
harm. But I'm not going to predict how many years it will take before
its distinctive capabilities are really used, or how many more years
before the cost of development is really paid back.

The central point of my own skepticism about PKI projects is that
I believe they should be implemented from the ground up. The lowest
level certification authorities need to be put in place first. The
transactions relying on these CAs must be thoroughly exercised and
the host enterprise must grapple with loss, error, and fraud on a
private level. Only then can private enterprises make informed
decisions about the true business meaning of cross certification.

Most PKI systems I've seen focus on the upper levels, trying to
make them profitable and lawsuit-resistant. This doesn't help
the users, so it doesn't really promote public key usage.

I present the evolution of credit cards as an alternative model. Visa
and MasterCard did not spring full grown at the dawn of the credit
card era. They evolved over decades. My dad carried a wallet filled
with credit cards, each issued by a separate enterprise. Each
enterprise took local responsibility for the credit card processing
and the fraud risks. Today, I only carry one or two credit cards.
It took years to establish an appreciation of credit card issues
within enterprises, to safely exploit the benefits of outsourcing,
and to get a practical handle on liability.

Yes, it's inefficient to have to manipulate a private directory of
CA keys. But I'm willing to sacrifice a little efficiency in the
near term rather than risk the diversion of a few percent of the
trillions of dollars a day that must be protected by these systems.

Rick.
smith@securecomputing.com