I Never Meta-Certificate I didn't..

Prabhakar Ernest (ernest@bcgla.com)
12 Aug 1996 10:44:18 -0800


Hey Rohit, who's this guy at MIT?

> CAs and link-level encryption are just a way, as someone from
> MIT said to me at MacWorld this week, to move the old private networks
> out onto the net

This guy Robert seems fairly clueful:
> To make this happen, Verisign doesn't want you to be you unless Verisign
> says you're you, to paraphrase the old underwear comercial, and that,
> I believe, is the problem. Verisign is not paying attention to what
> it really is: a software vendor. It is not a financial intermediary,
> which is what this CA's CA would be, by definition.

And he seems to understand what is needed:
> So, with that in mind, internet financial institutions like banks could
> create an association or member-owned corporation, which would "rent"
> reputation and function as a financial intermediary between members.

However, he proposes setting one up himself, which is silly since banks =
already have a bunch of associations (e.g. Visa) that perform precisely =
this functions.

-- Ernie P.

From: Robert Hettinga on Mon, Aug 12, 1996 6:49 AM
Subject: e$: I Never Meta-Certification...

Verisign, NRC-CRISIS, Crypto vs. Encryption, "Half-Way" Measures,
Meta-Certification, Reputation Rental, FLAs, Groucho Marx, and a =
Proto-Call
for IFCA Founders.

August 11th, 1996

About a month ago, after the July DCSB meeting, I had a drink with Jon
Matonis, who's in charge of Financial Products for Verisign. We talked =
about
a lot of stuff, but, since he was buying, :-), we talked a lot about
certification authorities (CAs), specifically, financial certification
authorities. Verisign financial certification authorities, to be =
completely
precise.

I have to admit up front that until then, I didn't follow the CA world all
that much. I've been a Web-of-Trust guy, and I still think the world will =
go
to more geodesic trust models sooner or later. The only "certificates" I
care much about are the "digital bearer" kind. In a financial sense, I see
certificate authorities as a way to extend book-entry accounting to the
internet, and I'm more interested in edgier stuff: what I claim will be =
the
re-emergence of cash-settled bearer certificates in the financial markets,
this time in digital form, on public networks. CAs and link-level =
encryption
are just a way, as someone from MIT said to me at MacWorld this week, to
move the old private networks out onto the net, which, to my mind, are the
same thing to digital commerce that derigibles were to aviation. Yes, they
look like ships, which we know all about, and they *can* fly, but...

Anyway, it's clear we're moving from a world of insecure transactions on
private secure networks to one of secure transactions on insecure public
networks. CAs, SSL, and the whole enterprise of encrypting links between
accounting databases seem to be halfway measures to me. They're a way to
create, like our friend from MIT says, a temporary private secure network,
so you can send properly authorized, but still unsecure, book-entry down =
it.
For that "proper authorization", you need the biometric identity a CA
provides, so you can hunt down and jail miscreants who change the wrong =
book
entry. I've even made biometric-identity CA jokes about "X.BlaBla" and
"Numbers of the Beast", and all that.

Which reminds me of something Steve Kent said at the NRC CRISIS report
roadshow this week. He likes to make the distinction between cryptography
and encryption. That is, governments tolerate cryptographic signatures
because they can still read your mail, while they don't tolerate =
encryption,
because, well, they can't read your mail.

Frankly, I see that as a false dichotomy, and I think most crypto people =
do,
too, but, since the major selling point for cryptography to business is =
that
need to keep their book-entries clean, this gives governments a lot of
breathing room. As long as most other businesses (call criminal =
enterprise
a business for the time being) can't read the encrypted link, businesses =
are
happy, and will accept watered-down *cryptography*, not just encryption. =
The
problem, of course, is that *governments* will have the ability to read
those messages, and even forge those signatures, and businesses aren't to
the point where they're sensitive about this.

Given the ubiquity of the invasiveness of modern industrial government in
the affairs of business, not only with respect to regulation, but also =
with
the ability to audit for taxes and other reasons, it may take a while for
business to wake up to their own need for privacy through strong
cryptography. But they will. Governments are made of people, of course, =
and
when it's possible to create enormous financial advantage for yourself by
reading financial transaction data, some of those people will do so, and,
given the ubiquity of networks, they'll be able to get away with it. When
you outlaw crypto, only outlaws have crypto, and all that. However, the
*business* knows they've been robbed, and, since government employees are
the only ones with the power to break the link and forge signatures, =
either
through computational horesepower or key escrow, who are going to be the,
heh, usual suspects? A bad place for a nation-state to be in, it seems to
me. Cleptocracy may work in *some* places, but in general they're bad for
business.

Finally, there's a red herring in all of this, and that's the so-called
exemptions for "financial activity" from much proposed cryptography
controls. So, how do you know what's financial activity and what isn't if =
a
message is encrypted? This doesn't even take into account the fact that, =
if
bearer certificate technology takes off, from micropayments like Micromint
and Millicent, through ecash and on to digital bearer certificates for
foriegn exchange (a $3 trillion daily business), the sheer volume of
encryption on the net, of the strongest possible form, is going to =
explode.

Don't get me wrong, I like the CRISIS report, because they are, to use a
beloved scatalogical expression, inside the tent and er, pointing, out. =
But,
to beat a few more metaphors like dead horses :-), the CRISIS report is
trying to "decompress" government into a world where they can't really
wiretap anymore. To do that, they want to start the bar at, say, 56-bit =
DES
and 1048-bit RSA, and move it up as technology, er, improves. In this, =
they
remind me more of someone trying to shovel uphill against an avalanche. If
you can't sign a mortgage with a signature long enough to withstand 30 =
years
of Moore's law, or encrypt something you don't want others to read for =
that
long, then why do it at all? A little bit of encryption is like being a
little bit pregnant --. OK, OK, I'll give the metaphors a break now... =
:-).

So, we're back in the hotel bar, and Jon was buying, and I'm listening.
(Besides, Jon's an original e$pam subscriber, and he's *still* one, so I =
had
*better* listen.) He has a point when he says that most of the stuff I'm
interested in is out *there* somewhere, and the way you make money is here
and *now*, where the "halfway measures" live. Jon says that as far as he's
is concerned, of all the different kinds of businesses you can use
certification authorities for, banks and financial institutions the low
hanging fruit, and he and his bunch are out there shaking the trees for =
all
they're worth. Go, Jon, go.

So, why *doesn't* Verisign rule the world of financial CAs already? After
all, they have the patents, "modulo" the debate on the legal strength and
longevity thereof. From the standpoint of mobilized resources, they're
literally the only game in town, and, even if they aren't, with a tip of =
the
black cryptographer's hat to Redmond, a lack of uniqueness hasn't kept =
other
first movers from software hegemony before, anyway.

Well, first of all, let's assume the market's already there for book-entry
transactions on the internet (like credit and debit cards, and =
counter-cash
like Mondex). Yeah, I know, "assume a frictionless surface". But, everyone
else around here does, so we'll fiat the issue for the time being. Last
Sunday's "Shoe" cartoon, about the wizard spending $300 in webware =
upgrades
while ostensibly learning to get rich doing web commerce, to the contrary.

Second, we can assume that banks need certification, for all the reasons I
outlined above: In order to move book-entries around the net, you need
*functionally* encrypted links (for the time being, what technology and
governments let us have) and the digital authority to change those
book-entries. Operationally, they may not need strict biometric identity
just to map a signature to an account full of money, but we'll deal with
that some other time.

Now, let's look at what I presume is Verisign's business strategy for
financial markets. They're trying to build a superheirarchy of all those
bank heirarchies, so that those banks can clear trades with each other, on
the net, without using a proprietary network to do it. This is, of course
admirable, if not necessary, if banks want to do internet commerce
efficiently with their customers. It will be necessary when electronic
checks come on line, say, next year, because even though ACH is out there =
on
the other side of those internet-ACH gateways, there might come a time =
where
banks will want to clear checks against each other directly. Having a CA's
CA, CA^2, if you will, will make that possible.

To make this happen, Verisign doesn't want you to be you unless Verisign
says you're you, to paraphrase the old underwear comercial, and that, I
believe, is the problem. Verisign is not paying attention to what it =
really
is: a software vendor. It is not a financial intermediary, which is what
this CA's CA would be, by definition.

A financial intermediary, especially one on the net, is in effect =
"renting"
its reputation to a trade until it clears. It is saying, first and =
foremost,
that the trade will be safe, effectively risk-free, or at least
risk-calculable, to both parties of the trade. What it does to control =
that
risk is almost immaterial as long as it works, but, in this case, it is to
use RSA as the technical means of identifying the parties of the trade, =
with
a link to a "biometric" identity of either party. If you can call it
"biometric" for a financial institution. The financial institution then, =
of
course vouches for the contents of the particular account being offset, =
the
book-entries swap, and the trade is over.

Like flying an airliner, of course, this is the easy part. If the trade is
broken, what does Verisign do? Of course, it can refuse to do trades with
the offending party. It can even call the law. The former is much more
powerful, however, and, frankly, it's the only enforcement mechanism which
we'll be able to use someday anyway. Physical force costs a lot to use, =
even
if you can buy it wholesale, at the government rate.

Fortunately, this kind of "club", as Eric Hughes calls it, is the
predominant way of renting reputation in the financial community. Think of
NYSE, or NASD, or CBOT, or NIDS, or SIAC, or any other FLA. ;-). (Yes,
there's DTC, and CUSIP, and Other-Letter-Acronyms too.) They're pretty =
easy
to set up. Verisign itself is *not* how to do it, however. They would to
*sell* to this reputation-rental entity.

Every one of the above entities is an association
(not-necessarily-non-profit), or, more usually, a member-owned =
corporation.
So, with that in mind, internet financial institutions like banks could
create an association or member-owned corporation, which would "rent"
reputation and function as a financial intermediary between members.
Obviously we shouldn't restrict membership in this organization to just
depositories like banks, because non-depositories will be significantly
involved in internet commerce. See Phil Webre's CBO study on electronic
retail payments for more on that.

Here is one way that could be done. A bunch of banks -- and non-depository
financial intermediaries, like digital cash underwriters / trustees, =
payment
gateway companies, (someday maybe Millicent brokers and MicroMint issuers)
- -- could get together, purchase shares for startup money, and form a
certification authority for themselves. Revenue could come from processing
and membership fees. They could then contract with Verisign to build their
system. Of course, they could contract with someone else, too, but I =
expect
that Verisign is in the best position to do this at the moment. In =
addition,
Verisign would probably be the technology of choice for the subordinate
certification heirarchies those financial intermediaries use with their
customers. Pretty lucrative, but it is also tempered by whatever patent
lifetimes Verisign has hanging over its head.

Here's what that gets us. We get the ability for any member to clear any
trade of any agreed-upon financial instrument (subject to legal
restrictions, of course) with any other member, no matter where they are =
in
the world, using the internet as the transport mechanism. Very powerful
stuff indeed. In fact, this *organization* can be located anywhere, which
gets really interesting, but we'll save that for some other discussion.

Notice that I'm not saying that this would be a monopoly. Just like =
several
countries have multiple stock and commodity exchanges, there will probably
be multiple financial certification associations like this one. In fact,
that's the core of a good prima facie name. The Internet Financial
Certification Association. Nice ring to it. Four-Letter Acronym, too.

I also expect that these kinds of "heirarchies" will probably devolve into =
a
geodesic, too, but they'll probably survive the change, because there'll
always be a market for, er, inter-mediary intermediation. I feel vaguely
like Frege, or Russell, or Goedel here. Maybe (Groucho) Marx?

So. Like most internet enterprise ideas, all it takes is a mailgroup, and,
later, a meeting (I can think of this *nice* time and place in Anguilla
;-)), to set this up. Obviously, the membership/shareholders of the =
proposed
IFCA should be companies, and the management of this enterprise should =
come
from the membership, or at least hired by them. Any individuals (like
myself, for instance) who participate at this stage are just kibbitzers
along for the ride, unless they're planning to be an internet financial
institution, of course. :-).

As a sort of test of the idea, I've gone and set up yet another mail-group
on thumper (<mailto://majordomo@thumper.vmeng.com>, with " subscribe ifca =
"
in the body of the message) to discuss it. We'll move it someplace else
later, if necessary. If there's enough interest from the right people,
expect a call for founders sometime soon. If there isn't, it'll sink
without a trace, as
it should.

So, if you, or anyone you know, is part of a financial institution =
involved,
or wishing to get involved, in financial transactions on the internet, =
pass
this rant along to them. Well, maybe not the *whole* rant, it might scare
them. :-). But enough necessary to give them the idea, anyway. I expect =
that
the places I put this rant will probably be enough to get critical mass =
for
the mailgroup, at least, and we'll take it from there.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard,
for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/