Intrinsic Certification at a glance, part I

Ed Gerck
http://mcwg.org/mcg-mirror/icert1.htm
© E. Gerck and MCG, 1998.
All rights reserved, free copying and citation allowed with source and author reference.
This message was originally sent (unformatted) to the MCG-TALK list server, 22.May.98
 
 

INTRODUCTION

This is the first essay, in a series of short communications that intend to be a "road-guide" for developers, security specialists and users, into the subject of Intrinsic Certification and their implementation by Meta-Certificates.

The series will also necessarily touch upon the central issue of trust, which will be shown to be "that which provides meaning to information" and which constitutes a new type of measurement, in my treatment of it: how to rely upon actions at a distance. Thus, trust is as essential as information and can afford an answer to the problem of measuring events that are important, significant but which are unreachable -- as strongly exemplified in the Internet.

Before I open the series, it is perhaps worth noting that Intrinsic Certification, Meta-Certificates and Trust Theory as they are conceived in this series (and in former papers and mcg-talk messages of the author and colleagues) are sober and modest disciplines which have no pretension of being a universal patent-medicine for all the ills and diseases of mankind, whether imaginary or real. You will not find here any remedy for hair loss or illusions of grandeur, class conflicts, capitalism or neo-liberalism. Nor are these papers and concepts a device for establishing that everyone except the author and his friends are speaking nonsense. To which disclaimer the author gratefully acknowledges a contribution from Tarski.
 

Part I

To the Internet user, cryptographic and certification methods are not only almost impossible to understand -- they are even misleading.

Clearly, if even experts are oftentimes baffled by the ever new attacks, discovered misconceptions, hidden fallacies and legal subtleties around methods that purport to provide for secure worldwide network traffic, then the average user is not in a position to make a better choice than the security specialists -- and, in fact, may easily confuse issues.

What is a reference? Why cannot a reference provide meaning by itself? What is meaning? What is trust? Do I need trust? What is a certificate? What is warranted in a certificate? What is warranted about the certificate data? Warranted by whom under what liability? For which countries? Why are provably unsecure methods still in use? Do I really have to sacrifice my privacy in order to achieve security, or is there an alternative?

To help resolve these issues and to provide for technical answers, the MCG was born.

However, the MCG does not hope to educate the world or to develop each person into a security expert. Such view would require a degree of evangelism which is clearly only useful in a small parish. Instead, the MCG fosters public discussions that work as public feedback from a small percentage of the world population -- currently reaching into 26 countries -- and taking a small but perhaps statistically significant sample of it. The objective is to develop a security lingua-franca that will help solve today's certification, security and privacy problems.

This work will be contained in a series of MCG Standards. What are the first ones?

The first MCG Standards present non-parochial and provable solutions to the questions above. The first one, called MCS, is currently under development and includes a method called Intrinsic Certification -- which is implemented by code within a general certification solution called Meta-Certificate. MCs also interoperate with any known certification method such as X.509 or PGP, so that users are not cornered into YAPKIs (Yet Another PKI) or YASs (Yet Another Standard) and can interoperate with what they already have.

The Intrinsic Certification protocols and source-code will be presented for public scrutiny, as a function of the ongoing work within the MCG. It is a public commitment that such protocols and algorithms will not be patented but the source code, documentation and protocol description will be licensed under copyright agreements, by the MCG.

The main work is contained in a private paper written by myself last year and which is being unfolded by myself and by a collegiate of helpers and co-authors -- with a permanent invitation for enlarged participation. This development is being done within public discussions as much as possible -- as each development step is documented and finalized. The breadth and scope of the already published papers and mcg-talk discussions speak of the various development fronts where new ground must be broken into.

However, to the user, such developments are of little value.  The technical details are not important to users and certainly utterly beyond their average field of work -- however, they need to be trusted by the users. And such trust will be built by full publication of all source-code -- which will allow the public to eventually perceive that the protocols have nothing to hide and that they work fine.  In the same way that a plane's pilot can trust the plane's inertial navigation system defined by laser gyroscopes, also when it is foggy at night -- because they have proved they have nothing to hide and they work fine. Even though neither the passengers nor the plane's pilot may have any idea how a laser works and how laser light can measure rotation without an external reference (and, to really understand all the reasons behind laser gyroscopes and inertial navigation would most surely require a Ph.D.).

This series, however, will "open the hood" and allow an inside view of intrinsic certification requirements and principles.

The next message will deal with capital questions and answers -- looking into the following two main problems, as I define them:

A. The NPR Certification Problem:

B. The NPR Security Problem: The answer to both problems is YES and the collection of protocols and algorithms that allows such answers is called "Intrinsic Certification"  because either problem does not use outside references such as keys or trust on a third-party, e.g. a Certification Authority. Methods that would use any external reference (keys, trust, etc.) supplied either as a function of time (i.e., trust on self-issued certificates) or parties (i.e., trust on a CA issued root-certificate) are called extrinsic.

(to be continued in the next message, Part II)