[Subtitle:"Identity, Authentication, & Dunkin Donut Mysticism."] At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of SDTI/RSADSI fans (and, evidently, retainers), wrote:
Hettinga's apparent scorn for modern cryptography's obsession with strong authentication -- now manifest in the intensity with which professionals worry the issues around PKC binding, key certification, digital signatures, CA procedures (and in the demand for smartcards to secure X509 certs apart from the networked CPU) -- bespeaks a truly iconoclastic mind.
At which, Mr. Hettinga took a bow ("Thank you. I think.") and proceeded to argue for his Vision, yet again:
Look, folks, "strong authentication" is not the problem. It's biometric *identity* which is the problem. Cryptography gives us the ability to do away with "identity"-based key-mapping altogether. A key is a permission to do something specific with a microprocessor, no more, or less. It doesn't "mean" anything else. Certainly, if you go back and look at the actual, legal, definitions of "signature", or "certificate", they don't mean what people like Verisign (or say, the State of Utah) says their authentication technology does.
But what if we don't _want_ to lose the link between a key (think of it as a secret) and the identity of a biological entity? What if -- instead of anonymity -- our goal is accountability? Truth is, I don't think we're reading from the same page here. (Or maybe, more to the point, we've been working in different dimensions.) It strikes me that while Mr. Hettinga and other e$ seers may have spent the past decade considering how to allow transactional exchanges to escape a human linkage, most professional sysops and network managers have been concerned with how to strengthen the linkage between on-line accounts, actions, and audit trails -- and the humans to which a user's account has been assigned. In this context, any capacity of modern cryptography "to do away with 'identity'-based key-mapping" is irrelvant or worse. The mechanics of "user authentication" -- validating that a remote human is indeed the same human earlier enrolled and assigned a user account on this computer system -- are the foundation of whatever we know about computer and network security today. It may be that the structure and requirements of contemporary corporate networks are irrelevant, just so much background babel, to e-commerce visionaries like Rob and others on the e$ lists. This is a problem in both cultures. Mr. Hettinga intones:
Software will be utterly replicable and will be sold recursively, and untraceably, on a bearer basis, primarily because that's the cheapest way to safely trade money for information on a ubiquitous geodesic public network.
... and I nod, a closet Hettinga fan. I trace the outline of his spiel in my mind like an M.C. Escher tessellation: bug-free software, stateless utopias, and buyers careless of liability. Charming. 2lst Century stuff. Maybe. Maybe not. Then I turn back to the bet-your-business questions of data and system security, where (even with a batch of theory that is universally accepted) implementation hassles routinely swamp practioners. The mundane management and control issues associated with system and network access, and the range of privileges granted to an on-line entity, remain a vexing problem. The difficulty and sometimes the cost of managing reliable "user authentication is an issue;" more often, however, the core problem is that the owners of systems and networks aren't convinced the value of the data and systems they have online deserves a per-user security investment equal to, say, a modem. User Authentication, not coincidentally, is the business of SDTI. In large part because of the magic of RSA and PKI, the mechanical and virtual options for user authentication are changing, even as the fundamentals remain the same. In enterprise networks; in extended Extranets; in business to business connections that replace, enhance, or mimic EDI -- there is great hope that scalable PKI will allow not only confidentiality and strong authentication, but also the other cryptographic services possible only thru public key cryptography: digital sigs for message and source authentication, non-repudiation (with a trusted Current Time source), and confidential communications between parties which have had no prior contact. Nitty-gritty wonderful stuff. PKI (and the "'identity'-based key-mapping" that Mr. Hettinga is so eager to do away with) are viewed with great hope among many if not most IT professionals. Corporate security managers hope that the utility and power of PKC's extended capabilities will define this security technology as an "enabler" -- something users want because it makes their work easier -- rather than the auditor-mandated burden that security mechanisms have traditionally been. For 30-odd years, info security professionals have used a model which declares that there are only three ways for a machine to validate or authenticate that a remote human is the person who was initially identified and enrolled (by a trusted Admin) as the user authorized to use a computer account: _"something known," a memorized password or PIN; _"something held," a physical token that can be carried as a personal identifier; or _"something one is," a biometric like a fingerprint or voiceprint. Graybeards like myself tend to filter all the rumpus about corporate PKIs and global/local keys through this traditional model -- if only because many crypto mavens seem so thoughtless about leaving a potentially powerful piece of data (an PKC private key) relatively unprotected on a PC or networked workstation. The industry's traditional definition of "strong" authentication demands that an authenticating CPU require direct evidence of at least two of the three modes of ID authentication before a user is allowed access to protected resources. (The idea is that an attacker would have to subvert at least two independent systems to corrupt the authentiation.) [For those unfamiliar with the company, SDTI's bread and butter business is this two-factor authentication. The company is best known for the three or four million SecurID tokens it has shipped: key fobs or credit-card sized tokens which continually and automatically hash a secret seed and Current Time to generate a 6-8 digit alphanumeric "tokencode." [SDTI's authentication server, called an ACE/Server, manages the records of tens of thousands of concurrent SecurID holders and validates or rejects two-factor authentication calls (a tokencode and a memorized PIN) which are relayed through a network of outlying ACE/Agents (which are often embedded in other third-party network products.) Due to the popularity of the SecurID with users, ACE/Agents are all but ubiquitous. Virtually all commercial VPNs, firewalls, communication and terminal servers -- multiple product lines from some 60 independent vendors, from Oracle to IBM -- ship with ACE/Agent code embedded in them. See: http://www.securid.com/partners ] Meanwhile, for one possible future, Mr. Hettinga promotes a crypto-anarchic buyer/seller paradigm:
...control of a given cryptographic key is completely orthogonal to the idea of identity. You can map an identity to it, but you don't have to, because possession of the key is "permission", "authority", enough, all by itself. *Who* you give permission to, by name, fingerprint, or physical address, doesn't matter....
Ummm. *Who* matters a great deal to the pros who run today's networks. Security, audit, and accountability all presume a firm grip on who is on-line and what he's doing. (Different dimensions, right?) For access and privilege managment in PKI-enhanced corporate network, most of us want -- at the very least! -- an RSA key/secret firmly mapped to a user/identity. [Mind you, until that private or secret key is further protected by being encased in a token-like smartcard or PCMCIA card -- and until that smartcard _also_ requires a memorized password or PIN to access or use that key -- veteran network or system managers will never be comfortable with a PKC-based authentication...despite the wonderfully grandular controls PKI can offer on networked resources. Truth is, we all know that networked PCs are risky platforms -- so until _all_ the crypto processing is shifted off the PC to the isolated smartcard, infosec pros will worry and kvetch. Expect it.] Readers who have the patience to read Rob's essays are probably still with me, so let me point out that this cross-dimensional cat fight only began when Mr. Hettinga stomped on SDTI and used the companies' recent travails in the stock market as a launching pad for another essay into the stratosphere. Were the original post a discussion of the Dow, or even SDTI's stock price, I'd just duck and run. (Frankly, I don't understand the stock market... and, unlike Mr. Hettinga, I don't have a great deal of respect for the opinions that seem to inform it. To me it's mostly tulip speculation. Mr. H's pal, "Anonymous" -- who made his bones with the declaration that SDTI's ACE/SecurID authentication system is doomed because it is ten years old -- was offering what many brokers refer to as an in-depth analysis;-) I only challenged Mr. Hettinga because his initial comments about SDTI seemed to indicate such vast ignorance of the contemporary security market. No one who knows anything about SDTI and that market would say that the only thing SDTI has that is worth anything is its stake in Verisign (and, of course, it was Rob, not the Globe, who said that.) In the absence of ubiquitous smartcard readers, it seems to me equally foolish to declare that X509 certificates make SecurID and similar two-factor tokens "obsolete" (and, of course, it was Rob, not the Globe, who said that too.) "Close enough for an Internet rant" doesn't cut it as an apologia -- not when a prominent commentator smears a public company on a half-dozen widely-read Internet forums. (Meaning no insult, Rob, but there is a modicum of responsibility that goes along with all those seats at the front table.) Seemingly piqued by the response to his initial comments, Mr. Hettinga then got down to a little bare-knuckle company valuation:
In the meantime, Vin, hang on to your SDTI stock, but probably just for it's residual value to some future investor, like SDTI evidently bought RSADSI for its own residual value, and, aparently, for whatever mystical value the market now puts on Verisign.
What SDTI _does_ have -- as even the Globe's thumbnail sketch acknowledged -- is a huge installed base and the stature of a sophisticated market leader in a dynamic market. SDTI also has a trust relationship with its customer base, the corporate network managers, that is the envy of many real or potential competitors. (RSADSI, the SDTI subsidiary, is rather tight with its customers -- the commercial software developers -- as well. Both firms have also excelled at developing mutually- advantageous partnerships with multiple companies.) For most of the 1990s, SDTI has also fielded the largest dedicated sales force in the world selling computer security. Against a field of a half-dozen competitors who sell two-factor authentication systems, SDTI owns over half the market. Among the choice corporate customers who have installations with more than 1,500 seats, I'd guess SDTI has over 70 percent of the market. Among the Fortune 100, two-thirds of them rely on SecurIDs and ACE authentication servers. Potent evidence of SDTI's stature among its customers is in the results of a recent survey of hundreds of NT network managers by the highly respected SANS Institute. See: http://sans.org/powertools.htm Check out what vendors and security technologies they trust most. Check out what percentage of SDTI's current customers recommend the company and its products to others! Entrust, NAI, SCC et al would kill for those 90-plus percent numbers;-) And the same survey, done today, would probably earn SDTI even higher marks with their new PKI-based Domain Authentication for NT. Quiz: What dbts market commentator airily preaches: "[If] you don't go looking for money anywhere but in your customer's pockets, you'll do just fine." It couldn't be the same guy who's now reeling off these pious but opaque little fables, could it?
So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds me an awful lot of that old joke about the two old Texas spinsters who, walking down a dusty road, came across a talking frog claiming to turn into an oil baron, if only one of them would kiss him to prove it.
"A talking frog", said one of them, putting the frog in her apron pocket, "is worth something."
(Hummmm. Betcha froggie -- even if he just wanted a kiss -- would have taken the time to find out something about the oil business before he claimed to be an Oil Baron. Not all self-declared market analysts are so meticulous;-) There are folks who are certain that Y2K will be blessed with the Second Coming. And then there is Mr. Hettinga, Anonymous, and others who have a gleeful vision of doom, debt, and dismal ROI for Security Dynamics. I find both suspect. Luckily, in both cases, we can get the truth (or at least a consensus one way of the other) within a year or so. I wouldn't want to wager on the Lord's Schedule, but in the case of SDTI's fortune and fate -- well, either the Doomsday Prophet or the Optimistic Courtier will be proven a fool fairly quickly. (What's say, Robert? A New Millenium wager? Winner gets his choice of either a case of decent wine or a box of hollow points on 01/01/00?) Suerte, _Vin ----- Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -- <@><@> --