[11757] in Commercialization & Privatization of the Internet
Re: Random Thoughts Regarding RSA/NCSA/EIT
daemon@ATHENA.MIT.EDU (Pat Farrell)
Sun Apr 17 20:31:42 1994
Date: Sun, 17 Apr 1994 18:05:11 -0400 (EDT)
From: "Pat Farrell" <pfarrell@netcom.com>
Reply-To: pfarrell@netcom.com
To: raisch@internet.com, com-priv@psi.com
"Rob Raisch, The Internet Company" <raisch@internet.com> writes:
> On Fri, 15 Apr 1994, Kent W. England wrote:
>> What if we just use the key-pair for greater security between one buyer
>> and one seller for a sequence of transactions over time?
> Ok, now I have to manage potentially thousands of different key-pairs.
You have to have access to thousands of certified key-pairs.
Computers are good at storing and searching. How you "certify" the
keys is an open issue. The PEM model has a hierarchical bureaucracy
that certifies them. PGP tries to use a "web of trust." I expect that
some combination, or a new alternative, will be accepted downstream.
I personally don't like the exposure that compromising one of the high level
PEM certificates brings, and don't think trust is transitive.
>> Assume we still use credit card numbers for the financial part.
Or digital cash. Cash was once legal tender.
>> Keep your private key on your portable PC.
> Ok, now I need a portable PC.
A PCMCIA smartcard would make more sense, and would be lots cheaper in
volume.
> Explain to the typical Prodigy or America Online user what the risks
> really are. Explain to typical SLIP users why it's not such a good
> idea to keep their private keys on-line. Explain to me how a SLIP or PPP
> enabled machine is guaranteed to be secure.
SLIP and PPP are not designed to address these issues. Spoofing TCP/IP is
trivial. That is why there is PEM, DSS, RIPEM and PGP. They are designed to
address these problems.
> The real problems are educational. The fact is, we are talking about
> human nature here. System admins can't get users to select secure login
> passwords. How do we expect to manage this? It's a chicken and egg
> problem. Until there is an on-line commerce worth bothering about, there
> won't be any interest from real software developers in creating the tools
> required.
No argument from me that there is a serious educational problem. Wired, one
of the more net-aware magazines, expects folks to email credit card numbers
in clear-text. They are too cheap to buy a $99 license for ViaCrypt PGP.
If they are a leading commercial user, we're years away.
If you pay attention to the EDI and ietf-edi lists, you will see that there
is lots of interest in on-line commerce. And there are more than a few folks
who keep raising privacy and non-refutation issues.
> I understand the risks involved in using my credit cards. I understand
> the risks involved in sending cash through the mails. I understand the
> risks in leaving my wallet on the front seat of an unlocked car.
I assume you don't _do_ any of these foolish things. Don't think about
sending financial data as cleartext. Require digital signatures so you know
both who sent the purchase order, and that the line items are un-modified.
If you think about your needs, and look at the existing and RSN technology,
there are ways to control the risk.
Pat
Pat Farrell Grad Student pfarrell@cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include <standard.disclaimer>