[2457] in cryptography@c2.net mail archive
Re: Reply to "ABA" becomes root CA for financial services industry
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Thu Apr 9 14:00:49 1998
In-Reply-To: <s52b6c1a.009@aba.com>
Date: Thu, 9 Apr 1998 10:44:00 -0400
To: "Kawika Daguio" <Kdaguio@aba.com>, dcsb@ai.mit.edu, cryptography@c2.net,
dbs@philodox.com
From: Robert Hettinga <rah@shipwright.com>
Cc: alivings@aba.com, jbyrne@aba.com, tgreco@aba.com
For those who don't remember, Kawika Daguio, of the American Banking
Association, and I debated, somewhat vociferously :-), on the financial
impact of strong cryptography, functional anonymity, and bearer settlement
at Hotwired's Brain Tennis site last year: <http://www.braintennis.com>.
Oddly enough, Kawika and I are pals, anyway. :-).
Any fur flying in the following is just part of the tussle and is certainly
not personal.
At 12:23 PM -0400 on 4/8/98, Kawika Daguio wrote:
> As I see it, hybrid (hierarchy and network) PKI models like the one we
>will be building and operating will play a critical role in the
>development of ecommerce by enabling and facilitating both bilateral and
>clearinghouse type relationships between FIs.
So far so good...
> Associations, including clearinghouses, serve policy and operational
>roles that add value today and will do so in the future, despite some who
>may make claims to the contrary.
A "trading club", like the American Banking Association, has its merits, to
the extent that you need to deal with people you've never met before.
Especially in meatspace, where distance really counts.
In meatspace, you tend to deal with people who are closest to you
geographically, and so when a stranger comes into town, you definitely need
to have someone you know, from where they're from, vouch for them.
Once you have industrial communication, like telegraphy and telephony and
mass media, you can start to trust "branded" individuals. That is, people
who are members of an association, who you can look up in a book, or send a
telegraph to a central office to verify, or whatever. That's what trade
groups like the ABA help with, and what trading associations like the NYSE
or NASDAQ, or the diamond merchants' associations do quite well.
After the advent of the mainframe, and the branding opportunities mass
media gave us, it was possible to do this for actual people, and that's
effectively what credit cards did. With a credit card, you are using the
brand name of the credit card to effectively borrow the merchandise or
service overnight from a merchant, who in turn borrows money to cover your
purchase from his credit card member-association bank at the time of
deposit of your charge slip, who borrows the money from *your* bank, who
loans the money to *you* until you pay the bill someday.
I say "borrow" when most people say something like "send", or "wire" or
"deposit", because there's the whole issue of chargebacks and their dispute
resolution, and, until the time expires on a potential chargeback, that
money is at risk to the merchant and their bank. That's why merchants have
to have reserve or deposit requirements against their credit card
purchases.
With cash or other bearer settlement, of course, nothing like that happens,
but that, as we used to say in Texas, is a whole 'nother story.
Okay. So, branding and financial associations are important to book-entry
transactions, particularly those in industrial meatspace with
hierarchically organized communication topologies. That's what credit card
associations, or banking associations, like the ABA, including their ABA
numbering scheme, do.
For an example of what I mean by "hierarchically organized communication
topology", take a look at the MICR codes at the bottom of your check
sometime. Besides your account number and your check number, there, in
electromagnetic ink, is your bank's ABA number, or the ABA number of their
correspondent(?) bank, or whatever.
The ABA number on someone else's check deposited in your account
essentially helps route the check, as a request for funds, through a giant
hierarchy of book entry settlement. From your bank account to (if your
bank's small) your bank's correspondent(?) bank, onto the fed funds wire
system, through the Fed, and back down that pyramid of custody until it's
taken out of that person's account and sent back to you over the same
hierarchical path.
The ABA number is, somehow, a *certification* to the Fed that the bank is a
real bank, though I'm not sure whether nowadays the ABA number actually
means anything to the ABA or that it's now just a bank identity coding
scheme and nothing else.
Now, let's talk about a world where communication topologies are geodesic
instead of hierarchical, distance is a polite fiction, and settlement time
trends, inexorably, to the instantaneous. :-).
> Managing trusted key distribution solutions and directory services
>supporting 15,000 insured depository institutions is not a trivial or
>unimportant task, dealing with and accommodating an even wider community
>is even more challenging. Developing a flexible policy space and
>infrastructure framework that will permit FIs to do it right, do it soon,
>and do it their way is a task that simply cannot be left to chance and
>time alone.
Right. Until they figure out that you provide nothing but an introduction,
which, on a network where distance doesn't matter anymore, doesn't help
much. At the very best, networks of trust will evolve from a bottom up
basis to replace the certification service the ABA would provide. I'll end
up doing business with people who my friends say are okay, just like the
old days. Note that the ABA is not, in the Animal Farm sense, more
"friendly" than others, because, frankly, they can't afford to hold the
outstanding liability.
At some point, you guys can only provide an introduction, Kawika, because a
certification "authority" is in fact nothing of the kind. In order to be of
any use to anyone, they're going to have to be actual financial
intermediaries, to take risk themselves like an insurance company does,
every time they vouch for someone's integrity. Their reputation.
If all you're providing is introductory services, you're not much better
than Yahoo, who can probably do a better job of listing banks than even the
ABA could. Certainly a cheaper job, which is all that matters if all you're
doing is managing a list.
> Institutions moving trillions of dollars a day are not interested in
>letting the market, technology, infrastructure, and law develop unguided
>at a snail's pace and at their expense.
I beg to differ. "Guided" is a snail's pace. Look at SET, the most "guided"
transaction protocol ever invented. It has been years in development, and
not a single SET transaction has occurred. At this point, it is nothing more
than financial shovelware, in my opinion. And, frankly, I used to think it
was going to be the financial protocol that nobody could refuse, that
nobody would get fired for using.
SSL, a protocol absolutely "unguided" by the financial community, works
just fine for sending credit card numbers. Not one case of credit card
fraud involving the interception and decoding of an SSL message has ever
been reported, and, frankly, when it does, it'll probably be a 40-bit one.
:-).
How many billion dollars of credit card transactions went over the net last
year under SSL?
I would claim that, like IBM, nobody will ever get fired for using the ABA
CA. Which is nice, to the extent that, like what IBM did for the world of
microcomputing, the ABA will make a nice chunk of change but will
essentially usher in a whole new way of doing business that the ABA can't
meaningfully compete in.
> I believe that, "Serious business
>requires serious security and reliability" and challenge anyone to defend
>the current infrastructure as adequate to the task.
Absolutely. And I believe you can do serious business, with serious
security and reliability, without an industrial-era membership
organization, just like you can do serious business on microcomputers
without IBM.
> Our infrastructure
>will support related infrastructure deployed by others that will permit
>trust to be extended on a basis and on networks that were previously
>infeasible. We want to jumpstart policy driven processes that lead to
>large-scale, global ecommerce and banking. I think this is a noble cause,
>worthy of wide support rather than criticism.
Nobility has nothing to do with reputation and trust, I'm afraid. :-).
Reputation is all about market forces, frankly. And not "policy".
> As I see it, our role is to help financial institutions deploy their own
>PKIs and facilitate sound policy compliant use of authentication and
>encryption technologies as risk management tools, wherever and whenever
>they think it appropriate.
"sound[,] policy compliant". "appropriate". Both, um, concepts, are
completely overdetermined by markets, I'm afraid. Economics begets law
which begets "policy" and not the other way around. Most people in the
beltway have a hard time figuring that out, I've noticed.
> other financial
>services industry stakeholders
Meaning governments, of course. The fun thing about the internet, Kawika,
is that you can't "govern" it. At least at the point of a gun the way
governments do. Governments can only prevent it from happening in certain
geographic areas, and, frankly, not because of "policy", but as a result of
the economics of building the infrastructure as much as anything. No country
has as much violence-driven "policy" as China does, and, frankly, attempts
to control the internet in places like Guangdong and Shanghai, much less
Hong Kong, are impossible.
And, as more satellites like Iridium and others go up, even geography will
be irrelevant to the ubiquity of the internet.
> I expect bankers (including I-bankers) will
>put on their "relying party hats" when setting these requirements and also
>expect them to place tremendous stress on assurance (reliability and
>security) to a far greater extent than required in any other commercial
>sector. Relying parties with serious money (risk) on the table will be
>driving this thing. They will, if anyone can, do this right.
Absolutely. I also expect, again, that "certification authorities" will be
practically nonexistent. They will be replaced, if they're ever used, by
actual guarantors of transitions and reputation.
> long time no correspond -
True enough.
Hey, Kawika, I think you guys should come to talk to us at the Digital
Commerce Society of Boston on this. I don't heckle in my own meetings too
much :-), whole bunches of the Society's membership agree with you, and the
Harvard Club's a nice place to haggle about such things.
I'll send you an official invitation offline. August 4th looks like the
first open date so far.
Cheers,
BHettinga
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/