[659] in WWW Security List Archive
Compute costs of supporting CAs
daemon@ATHENA.MIT.EDU (Ned Smith (nedbob))
Fri Apr 28 23:27:59 1995
From: "Ned Smith (nedbob)" <nedbob@sequent.com>
To: "'www-security mailing list'" <www-security@ns2.rutgers.edu>
Date: Fri, 28 Apr 95 16:57:00 PDT
Errors-To: owner-www-security@ns2.rutgers.edu
I'd like to introduce a new thread. Let me know if the list feels it is not
topical. I beg the list's pardon if indeed it isn't.

I'm curious about how much compute overhead is involved when using
certificate authorities for electronic commerce style interactions. The
basic model being: a cyber-shopper at the checkout wants to purchase items
electronically (credit card or digital cash). The customer wants to verify
the public key used to encrypt the cc# actually belongs to the store owner.

Verification (as I see it - and I'm no expert, that's why I'm posting this)
can result in a cascade of verification operations among CAs. I'm assuming
there is a web-of-trees trust infrastructure.

- Each transaction (buyer purchases item from seller) may result in buyer
seeking CA validation of seller's public key. Assuming we don't trust the
public key or the public key distribution mechanism requires that the buyer
obtain the public key from a certificate, then 100% of the transactions
would need CA validation.
- Of those validations some number will require validation to a common root
CA. I assume this means all CAs in the chain would require validation
computations. Say 25% of all transactions do this.
- Of those, some will require inter-tree validations. In other words, the root
is not the correct CA and a "trust-link" must be followed between some other
tree. Say 5% of all transactions do this?

Any idea how to measure the costs?

For example a "validation" may consist of: (I realize this is naive)
- a request (client --> CA)
- a db lookup of public key/owner pair (CA)
- computation of certificate (CA --> CSU)
- return result (CA --> client)

Regards,
Ned Smith
nedbob@sequent.com