Re: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, andSending the Wizards Back to Menlo Park
Jeeez, I hope no one else sprained a finger getting the current stock price for Security Dynamics (SDTI). Robert Hettinga <rah@shipwright.com> took certain, ummm, dramatic liberties as he paraphrased a Boston Globe column yesterday on Bay State stocks that had "been discounted so deeply they raise eyebrows." Said Mr. Hettinga:
It seems that Security Dynamics, trading at about 6, about >10% or so of its high, is now considered an official dog >stock as defined by today's Boston Globe.
What the Globe actually said was: "Security Dynamics Technologies Inc. of Bedford, a leader in computer security and encryption, has fallen from an April high of 42 1/2 to 12 yesterday. It traded as low as 6 two weeks ago." Said Mr. Hettinga:
mention SD buying RSA, but they forgot to mention anything >about the RSA
Anyway, most of the comments in the article were about SD's >hardware token technology being made obsolete by digital >"certificates". (The Globe's quotes, but I agree with them. >Just like I put quotes around digital "signatures", which >are nothing of the kind, though I haven't heard of >something better call *them* yet, either.) The Globe did patent expiring soon. About the only thing >they said was valuable about SD was their share in that >roaring success, Verisign, Inc., who, the Globe seems to >imply, is evidently the sole marketer of those self-same
digital "certificates". I wonder what Thawte, CertCo, >Entrust, etc.made of *that* comment...
Hmmmm. What the Globe actually said was: "Security Dynamics made money for years selling authentication systems for corporate computer users and later acquired RSA Data Security, an Internet encryption leader. Now its original authentication products are being challenged by new technology using so-called ``digital certificates'' to make computer communication and commerce secure - a serious problem that has hurt the stock. "But Security Dynamics, with a current market value of about $490 million, could still offer a bigger company a leading position in the important computer security field and a huge embedded customer base. "Security Dynamics also owns a stake in Verisign Inc., a competitor in the digital certificate field. The company's cash and its investment in Verisign amount to about $6.50 per share, slightly more than half the stock's current price." Hettinga essays are like handball games: the damn ball is ricocheting off the side walls, both ends, the floor and the ceiling. Linear coherence and internal consistency are less important than the electrostatic energy and the rolling rhetorical thunder -- so hey, no big deal if he's a little frisky and expansive with the facts, right? For the full Globe article, cut & paste this URL: <http://www.boston.com/cgi-bin/passiton.cgi?globehtml/294/Among_Bay_State_s_b... ered_tech_fir.shtml> Wall Street has not been kind to SDTI, from whom I have collected many checks for contract assignments over the years. Mr. Hettinga's explanation of the market's dynamics is, at the very least, guaranteed to stimulate. Hettinga's apparent scorn for modern cryptography's obsession with strong authentication -- now manifest in the intensity with which professionals worry the issues around PKC binding, key certification, digital signatures, CA procedures (and in the demand for smartcards to secure X509 certs apart from the networked CPU) -- bespeaks a truly iconoclastic mind. What tucked me in for the night was the declaration -- from R.H., the avatar of DBTS, e-cash, and geodesic recursive auctions -- that (venture) capital is or will be counterproductive to entreprenurial enterprise in the New Age. Un huh. Doomed, as well, by the hesitation inherent in the merely human minds that control its flow (at least in Rob's universe of cybernetic fiscal structures.) Said Mr. Hettinga:
It's beginning to look like venture capital is an industrial phenomenon, requiring correspondingly long ramp-up times, and it may be that geodesic markets move too fast for any "consensus" of the investment community to be achieved and, um, capitalized upon, soon enough to make money on a consistent basis, or at least in the presence of a savvy management team.
Gotta love a guy who can write a sentence like that, knot and and double-knot it into a gangly tapestry -- and then glue the whole thing across a wonderful image like a "dirigible biplane." (That's a Hettinga vehicle is ever there was one. Even in the imagination, it pushes or pulls large amounts of gas around in an unusually muscular way;-) Suerte, _Vin ----- "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A Thinking Man's Creed for Crypto _vbm. * Vin McLellan + The Privacy Guild + <vin@shore.net> * 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of SDTI/RSADSI fans (and, evidently, retainers), wrote:
Jeeez, I hope no one else sprained a finger getting the current stock price for Security Dynamics (SDTI).
:-).
Robert Hettinga <rah@shipwright.com> took certain, ummm, dramatic liberties as he paraphrased a Boston Globe column yesterday on Bay State stocks that had "been discounted so deeply they raise eyebrows."
Memory is a terrible thing to waste. It was midnight. The newspaper was in the trash in a Dunkin Donuts in Malden somewhere. So? Shoot me? :-).
"Security Dynamics Technologies Inc. of Bedford, a leader in computer security and encryption, has fallen from an April high of 42 1/2 to 12 yesterday. It traded as low as 6 two weeks ago."
Close enough for an internet rant, I figure. If I though I needed a fact checker, I should go write a column for the Globe, right? Frankly, besides the Globe's greater-fool valuation of Verisign, which I seem to have left in that wastebasket in Malden where it belongs, I can hardly tell, in any gross sense, the difference between what I said about SDTI/RSADSI/Verisign from memory and the extended quote Vin blessed us with, which I have gratefully snipped here for brevity. Again, I didn't say that SDTI wasn't making money, or even that it didn't have a significant amount of cash on hand relative to its book value. Which, because I'm not looking at their annual report, I don't know for a fact, so don't, um, quote me; I only know what I remember from the papers. If in fact SDTI did have a large cash hoard, it would make it a buy even in Ben Graham's book. Which I said, if you remember. Okay. I inferred it. Maybe. :-). My point was, even in these days of sky high multiples, the market is deeply discounting SDTI to the "consensus" estimate of its future cash flow. Given SDTI's patent standing, and the extreme amount of substitutive competition for the patents it does control in the long term, the "consensus" opinion seems fair to me, including valuing the company, yes, it *was* two weeks ago, lower than the "value" of it's Verisign investment alone.
Hettinga essays are like handball games: the damn ball is ricocheting off the side walls, both ends, the floor and the ceiling. Linear coherence and internal consistency are less important than the electrostatic energy and the rolling rhetorical thunder
Marvellous. Glad to give you the exercise. I had fun writing it. Nice to know you had fun chasing my shots all over the court like that. Should I spot you a few more points next time, just to make it more interesting?
Hettinga's apparent scorn for modern cryptography's obsession with strong authentication -- now manifest in the intensity with which professionals worry the issues around PKC binding, key certification, digital signatures, CA procedures (and in the demand for smartcards to secure X509 certs apart from the networked CPU) -- bespeaks a truly iconoclastic mind.
Thank you. I think. Look, folks, "strong authentication" is not the problem. It's biometric *identity* which is the problem. Cryptography gives us the ability to do away with "identity"-based key-mapping altogether. A key is a permission to do something specific with a microprocessor, no more, or less. It doesn't "mean" anything else. Certainly, if you go back and look at the actual, legal, definitions of "signature", or "certificate", they don't mean what people like Verisign (or say, the State of Utah) says their authentication technology does. No offense to the august people who coined those appelations, including Whit Diffie, et. al., but the words "signature", or "certificate" just don't cut it, because they cause more confusion than they may be worth. (Just like "digital bearer settlement"? ...Naww... :-)) Anyway, control of a given cryptographic key is completely orthogonal to the idea of identity. You can map an identity to it, but you don't have to, because possession of the key is "permission", "authority", enough, all by itself. *Who* you give permission to, by name, fingerprint, or physical address, doesn't matter. And, possession of that key is *only* a function of cryptography and networks, and not law or biology. And, so, the *only* time you need a biometrically-identified key is when you're doing a book-entry transaction, which has been my point in this whole discussion. You can't send someone to jail for making the wrong book-entry unless you know who they are, of course. Fortunately, that will change someday, and probably sooner than most people in the transaction settlement business realize. Frankly, the only people who need to know someone's physical identity, or care about it, are the people who put money at risk in the first place, and only until the transacted money in question is in their firm control. The shorter a transaction's latency, the less you care who you're doing business with. Ultimately, if you're doing an instantaneous digital bearer transaction, you don't care at all, because it's underwriter validates the authenticity of the certificate (real use of the word) at the time of the transaction, and not the person who's giving them to you. Even your trust of the underwriter is driven by the reputation of the underwriter's *key* and not your knowlege of where the underwriter lives, right? I mean, you can trash the reputation of the underwriter just by presenting cryptographic proof of of the underwriter's fraud, making the underwriter lose more, on a net present value basis, than what he would gain from the value of the transaction in question, or even the pool of money in his reserve account. Besides, ultimately, creating hierarchies of "certificates" of those key-to-person maps, ala Verisign/X.BlaBla, is not only a waste of time economically, it's downright logically impossible. You run right into Russell's paradox and Goedel's result, for one thing. At the very least, you remove all the flexibility which makes the technology useful in the first place. So, yes, it's just like putting a giant hydrogen bag on a biplane in a misguided effort to make it fly better (to beat my metaphor like a dead horse). :-). Even Verisign, or Entrust, and certainly not Thawte, don't claim to sell certification hierarchies anymore. Probably because they ran smack-dab into a bunch of consistance/completeness paradoxes in trying to doing so. The only economical solution, is, of course, short-span *local* trust networks, where self reference is not a problem because the network makes no pretensions at completeness. Where a buyer trusts the seller's reputation to his own satisfaction because people *he* trusts say so, and, more important, the known public reputation of the seller is a good one. Certainly not that stranglehold on everyone's internet identity which is at the heart of whatever valuation the "consensus" currently wants to put on companies like Verisign. By the way, an economical solution to the problem, where the seller doesn't have to trust the buyer at all is, of course, digital bearer settlement. Anyway, this mystification of identity, particularly on an internet where it will prove economically foolish to do so, is what I have against the whole X.BlaBla, Grand Unified Human Namespace Hierarchy folks. They're chasing unicorns through the mists of Avalon, in my opinion. In the end, the only relations established by keys to other keys on the net will be *economic* ones, and I guarantee that the structure of *those* relationships, once mapped, will *not* be hierarical, and only unified on a relational basis, in the same way that free economies now function. Nor will the primary purpose of those keys be to find whatever physical person is controlling a given key at any point in its (probably short) lifetime.
What tucked me in for the night was the declaration -- from R.H., the avatar of DBTS, e-cash, and geodesic recursive auctions -- that (venture) capital is or will be counterproductive to entreprenurial enterprise in the New Age. Un huh. Doomed, as well, by the hesitation inherent in the merely human minds that control its flow (at least in Rob's universe of cybernetic fiscal structures.)
Well, I suppose if I can play fast and loose with the contents of the august Boston Globe in the middle of the night, you're welcome to mischaracterize me in the same fashion, but I hope I'm forgiven if I try to patch it up here, just a little bit. I think that venture capital spends most of its time thinking about how to establish industrial-era monopolies on intellectual property in a world where, eventually, it is only wetware -- skill, if you will -- that will matter. Software, hardware, and resources will ultimately be dependant activities and will decrease in relative value over time. Software will be utterly replicable and will be sold recursively, and untraceably, on a bearer basis, primarily because that's the cheapest way to safely trade money for information on a ubiquitous geodesic public network. Given that the price of information is rediculuously time-driven, the price-structure software markets will be such that not only will the only people who make the most money be people who actually *write* software and not hire it done, and that software will be sold in smaller and smaller bits because the transaction costs will be so low (hey, don't believe me, believe Ronald Coase :-)), but, finally, the only way to make *new* money is to create new software which sells. So, no software monopoly opportunity there, because, you need wetware to make software, and, in a world of totally anonymous, and cash transacted, free agency, fun legalistic attempts at physical control, like non-disclosures and non-competes, not to mention copyright and patent, will eventually be laughably un-useful. Eventually, hardware itself will be "made" using software, and the machines which fabricate hardware itself will themselves be dependant on software for their own construction. The price of manufacturing falls as a result, becomes geographically hyperdistributed, and, of course, nobody can control the production of software, see above. So, no permanent hardware monopoly there. Resources are, even now, discovered, grown or extracted using the best possible information, and in the long run, the best possible software. The ownership of land, therefore, will be *economically* determined by who has the best information or software to use it with. Notice that even with a finite supply of land, the value of a given piece of land's output, in real prices, has consistently fallen over history, because the value of the information used to generate that output falls over time as well, and the productivity gains from the use of that information are relatively permanent and cumulative. So, no permanent resource monopoly opportunities in resources, either. Ask your average aristocrat, or even a farmer, if you don't believe me. :-). So, yes, I'll let people quibble about how long "eventually" means, or even what their definition of "is" is :-), and, in that rather large economic lacuna, you could drive several late-industrial fortunes through, and we may or may not need venture capitalists to exploit on those market inefficiencies, right now, today. Nonetheless, we converge to a world where venture capital is a waste of time, and, I think that businesses like Yahoo, and several other internet ventures whose revenues are not under water, are proving that. For most first-mover internet companies, the continued interest of venture capitalists in your company may be, like cocaine, god's paradoxical way of telling you you're making a lot of money. The quest for economic rents is at the heart of any economy, certainly, but I think that, sooner or later, venture capitalists will simply be in the way between producers and the retained earning their customers are too only happy give them. Any requirement for equity itself will probably be underwritten directly to the public someday, and, if you want to call the intermediaries who underwrite that, what, micro-equity(?), "venture capitalists", you'll get a lot of argument from the people who already do equity underwriting today, the investment bankers. So, you're right, Vin. I *am* blaming venture capitalists for eventually not being able to think fast enough to keep up, and that, someday, most underwriting of equity itself will be an extremely automated process. Hell, most investment bankers themselves will tell you that underwriting is so mechanical these days that the only real money's in mergers and acquisitions, anyway.
Gotta love a guy who can write a sentence like that, knot and and double-knot it into a gangly tapestry -- and then glue the whole thing across a wonderful image like a "dirigible biplane."
(That's a Hettinga vehicle is ever there was one. Even in the imagination, it pushes or pulls large amounts of gas around in an unusually muscular way;-)
Thank you. Insult me any way you want, as long as you spell my name right, I guess. Dismissing me personally as an iconoclast doesn't dismiss what I've said, certainly. In the meantime, it's nice to know that I can say something about a public company in passing on a few email lists and drive so many of its shareholders, employees, and retainers to such vigorous distraction. My phone was ringing off the hook yesterday, which was, certainly, a lot of fun. In the meantime, Vin, hang on to your SDTI stock, but probably just for it's residual value to some future investor, like SDTI evidently bought RSADSI for its own residual value, and, aparently, for whatever mystical value the market now puts on Verisign. It's just a shame that RSADSI didn't just license all that cool crypto to the developers outright and make a whole lot more money, rather than playing dog in the manger with it for so long, up to, and probably including, calling the down export control Feds on a hapless kitchen-table crypto developer named Zimmermann. So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds me an awful lot of that old joke about the two old Texas spinsters who, walking down a dusty road, came across a talking frog claiming to turn into an oil baron, if only one of them would kiss him to prove it. "A talking frog", said one of them, putting the frog in her apron pocket, "is worth something." Cheers, Bob Hettinga ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
At 5:02 PM -0500 on 10/26/98, Vin McLellan wrote:
(Or maybe, more to the point, we've been working in different dimensions.)
Right. Exactly. Attacking flatland from the third dimension has always been my special curse. :-). <Excellent visit to X.BlaBla Wonderland elided...> I hope if I can be excused if I don't want to chase you down that particular rabbit-hole anymore, Vin. Sorry to disappoint, but there are *lots* of other, more qualified people around to walk through *that* particular looking glass, to mix my metaphors like a doormouse. I'm interested in *lots* of other stuff besides the traceability of "on-line" audit trails and mapping meatspace book-entry transaction processing to the internet like so much financial shovelware. I will, however say, once again, that you can have reputation in cypherspace without any biometric "identity" whatsoever, modulo the footprints we all leave when we do stuff anyway. I wrote a rather extended rant about this a while ago, in November or so last year, and everyone on these lists has seen it. (Some, unfortunately, more than once. :-).) Let me know if you want to send it to you under separate cover, and, if memory serves, it may even be on the old Shipwright site, <http://www.shipwright.com>. Anyway, if you'd like to talk to someone who'll take up the cudgel, you might want to talk to folks like Carl Ellison and Perry Metzger, who just did an entire session at the USENIX electronic commerce conference on just this kind of stuff. They're much more, um, curioser and curioser about key/identity orthogonality than I am. :-). I just assume what they more or less prove, to my own satisfaction. I think I've said all I care to on the subject. And watch out for the little blue mushrooms. The visuals last for days... Cheers, Bob Hettinga PS: I would note, by way of a plug, that the DCSB meeting next Tuesday will probably be a *great* place to talk about this, as Dan Geer from CertCo (speaking of the USENIX electronic commerce conference) will certainly be talking about this kind of thing -- and other such fun stuff. ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
At 06:02 PM 10/26/98 -0400, Vin McLellan wrote:
No one who knows anything about SDTI and that market would say that the only thing SDTI has that is worth anything is its stake in Verisign (and, of course, it was Rob, not the Globe, who said that.)
I've been waiting for somebody to mention that (according to www.ncipher.com) one of the primary investors in Ncipher, which is the company Bob touted in the rant that started this thread, is none other than SDTI. They also list investments by Newbridge and no less than three V.C. companies. Seems at odds with Bob's claim that they "used little, if any, venture capital money". However, I have not information about the history or extent of investment in this company, so I bow to Bob's insider knowledge. (Bob, I thought you were going to stop posting insider knowledge to this list. Or was it that you were going to stop NOT posting ...) As an aside about Ncipher, while I am sure they are smart guys and will do well, isn't a hardware crypto engine pretty much a commodity product? How can a company like this resist an onslaught from an IBM or an Intel if they decided this niche was large enough to go after? Regards, Hal ==================================================================== Harold W. Lockhart Jr. PLATINUM technology Chief Technical Architect 8 New England Executive Park Email: Harold.Lockhart@platinum.com Burlington, MA 01803 USA Voice: (781)273-6406 Fax: (781)229-2969 ====================================================================
At 06:02 PM 10/26/98 -0400, Vin McLellan wrote:
For 30-odd years, info security professionals have used a model which declares that there are only three ways for a machine to validate or authenticate that a remote human is the person who was initially identified and enrolled (by a trusted Admin) as the user authorized to use a computer account:
_"something known," a memorized password or PIN; _"something held," a physical token that can be carried as a personal identifier; or _"something one is," a biometric like a fingerprint or voiceprint.
However, formal security theory, dating back before the invention of PK has recognized that authorization systems can be just as effectively based on a Capability model as an Identity model. A bearer token in my mind, is nothing more than a kind of Capability. The idea is that what you really want to know is "should this request be permitted." Using identity to determine this is just a way of adding a level of indirection to the algorithm. In a capability model, the answer is presented directly. The debate over these models has always revolved around efficiency. I will not review that here, except to note that while capabilities usually take their lumps for not being able to scale well, pure identity models do not scale either. It is always necessary to introduce some form of aggregation, such as groups, roles, citizens, credit card holders, whatever, that reduces the number of individual rules that must be managed, stored and referenced. Therefore, while you may reasonably argue that dbs will not work or scale or whatever for one reason or another, you cannot argue that it is not supported by formal security theory. Regards, Hal ==================================================================== Harold W. Lockhart Jr. PLATINUM technology Chief Technical Architect 8 New England Executive Park Email: Harold.Lockhart@platinum.com Burlington, MA 01803 USA Voice: (781)273-6406 Fax: (781)229-2969 ====================================================================
At 9:18 PM -0700 10/22/98, Vin McLellan wrote:
Hettinga essays are like handball games: the damn ball is ricocheting off the side walls, both ends, the floor and the ceiling. Linear coherence and internal consistency are less important than the electrostatic energy and the rolling rhetorical thunder -- so hey, no big deal if he's a little frisky and expansive with the facts, right?
I've been a critic of some of Bob's "exuberance," his tendency to go off on rhetorical flights of fancy, his irritating "ums" and "ers" and ":-}"s, and his generally opaque writing style. I think there's a kernel of good thinking in there, but his attention seems to flit about. And he seems more interesting in cutesy turns of phrase than in persuasive exposition. If there's stuff there, it's lost in the freneticism.
Said Mr. Hettinga:
It's beginning to look like venture capital is an industrial phenomenon, requiring correspondingly long ramp-up times, and it may be that geodesic markets move too fast for any "consensus" of the investment community to be achieved and, um, capitalized upon, soon enough to make money on a consistent basis, or at least in the presence of a savvy management team.
Gotta love a guy who can write a sentence like that, knot and and double-knot it into a gangly tapestry -- and then glue the whole thing across a wonderful image like a "dirigible biplane."
(That's a Hettinga vehicle is ever there was one. Even in the imagination, it pushes or pulls large amounts of gas around in an unusually muscular way;-)
Indeed. I guess some folks are amazed that anyone can write the way Bob does. Me, I was never amazed by the writings of Detweiler, Toto, or Hettinga. --Tim May Y2K: A good chance to reformat America's hard drive and empty the trash. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
At 1:19 AM -0400 on 10/23/98, Tim May wrote:
I've been a critic of some of Bob's "exuberance," his tendency to go off on rhetorical flights of fancy, his irritating "ums" and "ers" and ":-}"s, and his generally opaque writing style.
No accounting for taste, or the lack thereof, for that matter.
I think there's a kernel of good thinking in there, but his attention seems to flit about. And he seems more interesting in cutesy turns of phrase than in persuasive exposition.
What? "Too many notes", Signore Solieri? :-).
If there's stuff there, it's lost in the freneticism.
Don't worry, Tim, you know it all already. Everything I ever learned on this stuff, I learned from you, anyway. Execpt the finance, of course. :-). You know where the 'd' key is, and I bet you even know how to use your killfile, if you tried.
I guess some folks are amazed that anyone can write the way Bob does. Me, I was never amazed by the writings of Detweiler, Toto, or Hettinga.
Right back atcha Tim. And don't forget to shoot back at the Feds when they fly the black helicopters over your house. Otherwise, they might not even know you're there, hmmm? Oh, well. You can't always pick your friends. Or your friend's nose, for that matter. <Ewwwwww...> Cheers, Bob Hettinga ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[Subtitle:"Identity, Authentication, & Dunkin Donut Mysticism."] At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of SDTI/RSADSI fans (and, evidently, retainers), wrote:
Hettinga's apparent scorn for modern cryptography's obsession with strong authentication -- now manifest in the intensity with which professionals worry the issues around PKC binding, key certification, digital signatures, CA procedures (and in the demand for smartcards to secure X509 certs apart from the networked CPU) -- bespeaks a truly iconoclastic mind.
At which, Mr. Hettinga took a bow ("Thank you. I think.") and proceeded to argue for his Vision, yet again:
Look, folks, "strong authentication" is not the problem. It's biometric *identity* which is the problem. Cryptography gives us the ability to do away with "identity"-based key-mapping altogether. A key is a permission to do something specific with a microprocessor, no more, or less. It doesn't "mean" anything else. Certainly, if you go back and look at the actual, legal, definitions of "signature", or "certificate", they don't mean what people like Verisign (or say, the State of Utah) says their authentication technology does.
But what if we don't _want_ to lose the link between a key (think of it as a secret) and the identity of a biological entity? What if -- instead of anonymity -- our goal is accountability? Truth is, I don't think we're reading from the same page here. (Or maybe, more to the point, we've been working in different dimensions.) It strikes me that while Mr. Hettinga and other e$ seers may have spent the past decade considering how to allow transactional exchanges to escape a human linkage, most professional sysops and network managers have been concerned with how to strengthen the linkage between on-line accounts, actions, and audit trails -- and the humans to which a user's account has been assigned. In this context, any capacity of modern cryptography "to do away with 'identity'-based key-mapping" is irrelvant or worse. The mechanics of "user authentication" -- validating that a remote human is indeed the same human earlier enrolled and assigned a user account on this computer system -- are the foundation of whatever we know about computer and network security today. It may be that the structure and requirements of contemporary corporate networks are irrelevant, just so much background babel, to e-commerce visionaries like Rob and others on the e$ lists. This is a problem in both cultures. Mr. Hettinga intones:
Software will be utterly replicable and will be sold recursively, and untraceably, on a bearer basis, primarily because that's the cheapest way to safely trade money for information on a ubiquitous geodesic public network.
... and I nod, a closet Hettinga fan. I trace the outline of his spiel in my mind like an M.C. Escher tessellation: bug-free software, stateless utopias, and buyers careless of liability. Charming. 2lst Century stuff. Maybe. Maybe not. Then I turn back to the bet-your-business questions of data and system security, where (even with a batch of theory that is universally accepted) implementation hassles routinely swamp practioners. The mundane management and control issues associated with system and network access, and the range of privileges granted to an on-line entity, remain a vexing problem. The difficulty and sometimes the cost of managing reliable "user authentication is an issue;" more often, however, the core problem is that the owners of systems and networks aren't convinced the value of the data and systems they have online deserves a per-user security investment equal to, say, a modem. User Authentication, not coincidentally, is the business of SDTI. In large part because of the magic of RSA and PKI, the mechanical and virtual options for user authentication are changing, even as the fundamentals remain the same. In enterprise networks; in extended Extranets; in business to business connections that replace, enhance, or mimic EDI -- there is great hope that scalable PKI will allow not only confidentiality and strong authentication, but also the other cryptographic services possible only thru public key cryptography: digital sigs for message and source authentication, non-repudiation (with a trusted Current Time source), and confidential communications between parties which have had no prior contact. Nitty-gritty wonderful stuff. PKI (and the "'identity'-based key-mapping" that Mr. Hettinga is so eager to do away with) are viewed with great hope among many if not most IT professionals. Corporate security managers hope that the utility and power of PKC's extended capabilities will define this security technology as an "enabler" -- something users want because it makes their work easier -- rather than the auditor-mandated burden that security mechanisms have traditionally been. For 30-odd years, info security professionals have used a model which declares that there are only three ways for a machine to validate or authenticate that a remote human is the person who was initially identified and enrolled (by a trusted Admin) as the user authorized to use a computer account: _"something known," a memorized password or PIN; _"something held," a physical token that can be carried as a personal identifier; or _"something one is," a biometric like a fingerprint or voiceprint. Graybeards like myself tend to filter all the rumpus about corporate PKIs and global/local keys through this traditional model -- if only because many crypto mavens seem so thoughtless about leaving a potentially powerful piece of data (an PKC private key) relatively unprotected on a PC or networked workstation. The industry's traditional definition of "strong" authentication demands that an authenticating CPU require direct evidence of at least two of the three modes of ID authentication before a user is allowed access to protected resources. (The idea is that an attacker would have to subvert at least two independent systems to corrupt the authentiation.) [For those unfamiliar with the company, SDTI's bread and butter business is this two-factor authentication. The company is best known for the three or four million SecurID tokens it has shipped: key fobs or credit-card sized tokens which continually and automatically hash a secret seed and Current Time to generate a 6-8 digit alphanumeric "tokencode." [SDTI's authentication server, called an ACE/Server, manages the records of tens of thousands of concurrent SecurID holders and validates or rejects two-factor authentication calls (a tokencode and a memorized PIN) which are relayed through a network of outlying ACE/Agents (which are often embedded in other third-party network products.) Due to the popularity of the SecurID with users, ACE/Agents are all but ubiquitous. Virtually all commercial VPNs, firewalls, communication and terminal servers -- multiple product lines from some 60 independent vendors, from Oracle to IBM -- ship with ACE/Agent code embedded in them. See: http://www.securid.com/partners ] Meanwhile, for one possible future, Mr. Hettinga promotes a crypto-anarchic buyer/seller paradigm:
...control of a given cryptographic key is completely orthogonal to the idea of identity. You can map an identity to it, but you don't have to, because possession of the key is "permission", "authority", enough, all by itself. *Who* you give permission to, by name, fingerprint, or physical address, doesn't matter....
Ummm. *Who* matters a great deal to the pros who run today's networks. Security, audit, and accountability all presume a firm grip on who is on-line and what he's doing. (Different dimensions, right?) For access and privilege managment in PKI-enhanced corporate network, most of us want -- at the very least! -- an RSA key/secret firmly mapped to a user/identity. [Mind you, until that private or secret key is further protected by being encased in a token-like smartcard or PCMCIA card -- and until that smartcard _also_ requires a memorized password or PIN to access or use that key -- veteran network or system managers will never be comfortable with a PKC-based authentication...despite the wonderfully grandular controls PKI can offer on networked resources. Truth is, we all know that networked PCs are risky platforms -- so until _all_ the crypto processing is shifted off the PC to the isolated smartcard, infosec pros will worry and kvetch. Expect it.] Readers who have the patience to read Rob's essays are probably still with me, so let me point out that this cross-dimensional cat fight only began when Mr. Hettinga stomped on SDTI and used the companies' recent travails in the stock market as a launching pad for another essay into the stratosphere. Were the original post a discussion of the Dow, or even SDTI's stock price, I'd just duck and run. (Frankly, I don't understand the stock market... and, unlike Mr. Hettinga, I don't have a great deal of respect for the opinions that seem to inform it. To me it's mostly tulip speculation. Mr. H's pal, "Anonymous" -- who made his bones with the declaration that SDTI's ACE/SecurID authentication system is doomed because it is ten years old -- was offering what many brokers refer to as an in-depth analysis;-) I only challenged Mr. Hettinga because his initial comments about SDTI seemed to indicate such vast ignorance of the contemporary security market. No one who knows anything about SDTI and that market would say that the only thing SDTI has that is worth anything is its stake in Verisign (and, of course, it was Rob, not the Globe, who said that.) In the absence of ubiquitous smartcard readers, it seems to me equally foolish to declare that X509 certificates make SecurID and similar two-factor tokens "obsolete" (and, of course, it was Rob, not the Globe, who said that too.) "Close enough for an Internet rant" doesn't cut it as an apologia -- not when a prominent commentator smears a public company on a half-dozen widely-read Internet forums. (Meaning no insult, Rob, but there is a modicum of responsibility that goes along with all those seats at the front table.) Seemingly piqued by the response to his initial comments, Mr. Hettinga then got down to a little bare-knuckle company valuation:
In the meantime, Vin, hang on to your SDTI stock, but probably just for it's residual value to some future investor, like SDTI evidently bought RSADSI for its own residual value, and, aparently, for whatever mystical value the market now puts on Verisign.
What SDTI _does_ have -- as even the Globe's thumbnail sketch acknowledged -- is a huge installed base and the stature of a sophisticated market leader in a dynamic market. SDTI also has a trust relationship with its customer base, the corporate network managers, that is the envy of many real or potential competitors. (RSADSI, the SDTI subsidiary, is rather tight with its customers -- the commercial software developers -- as well. Both firms have also excelled at developing mutually- advantageous partnerships with multiple companies.) For most of the 1990s, SDTI has also fielded the largest dedicated sales force in the world selling computer security. Against a field of a half-dozen competitors who sell two-factor authentication systems, SDTI owns over half the market. Among the choice corporate customers who have installations with more than 1,500 seats, I'd guess SDTI has over 70 percent of the market. Among the Fortune 100, two-thirds of them rely on SecurIDs and ACE authentication servers. Potent evidence of SDTI's stature among its customers is in the results of a recent survey of hundreds of NT network managers by the highly respected SANS Institute. See: http://sans.org/powertools.htm Check out what vendors and security technologies they trust most. Check out what percentage of SDTI's current customers recommend the company and its products to others! Entrust, NAI, SCC et al would kill for those 90-plus percent numbers;-) And the same survey, done today, would probably earn SDTI even higher marks with their new PKI-based Domain Authentication for NT. Quiz: What dbts market commentator airily preaches: "[If] you don't go looking for money anywhere but in your customer's pockets, you'll do just fine." It couldn't be the same guy who's now reeling off these pious but opaque little fables, could it?
So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds me an awful lot of that old joke about the two old Texas spinsters who, walking down a dusty road, came across a talking frog claiming to turn into an oil baron, if only one of them would kiss him to prove it.
"A talking frog", said one of them, putting the frog in her apron pocket, "is worth something."
(Hummmm. Betcha froggie -- even if he just wanted a kiss -- would have taken the time to find out something about the oil business before he claimed to be an Oil Baron. Not all self-declared market analysts are so meticulous;-) There are folks who are certain that Y2K will be blessed with the Second Coming. And then there is Mr. Hettinga, Anonymous, and others who have a gleeful vision of doom, debt, and dismal ROI for Security Dynamics. I find both suspect. Luckily, in both cases, we can get the truth (or at least a consensus one way of the other) within a year or so. I wouldn't want to wager on the Lord's Schedule, but in the case of SDTI's fortune and fate -- well, either the Doomsday Prophet or the Optimistic Courtier will be proven a fool fairly quickly. (What's say, Robert? A New Millenium wager? Winner gets his choice of either a case of decent wine or a box of hollow points on 01/01/00?) Suerte, _Vin ----- Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -- <@><@> --
As Cheech & Chong said once, "YYYYYYerrrrrrr Busteeeeed!". :-). It seems I forgot that nCipher is, after all, a manufacturing company. They needed capital to manufacture stuff with, and they went out and got great gory piles of venture capital to do it with, several rounds, in fact, in the millions of dollars. While nCipher seems to be the exception which proves my "venture capitalism is quaintly industrial" assertion, and that, Microsoft, C2NET, and most first-mover software / net firms, can do just fine without venture capital as long as they provide things their customers want, the best "venture capital" to be found in their customers' pocket, and all that, I do plead guilty yer honor, yet again, to working without a net. Oh, well. On the internet, the cost of error is bandwidth, same as it ever was. Sometimes "ready, fire, aim" means losing a toe or two... Of course, it's easy to see how, like machinery eventually became to land in agriculture, the most valuable component in manufacturing won't be the machines themselves, but the software and wetware required to run those machines, someday, but that's a rant of a different color, if not a whole 'nother generation. Cheers, Bob Hettinga At 10:05 AM -0500 on 10/28/98, Hal Lockhart wrote:
I've been waiting for somebody to mention that (according to www.ncipher.com) one of the primary investors in Ncipher, which is the company Bob touted in the rant that started this thread, is none other than SDTI.
They also list investments by Newbridge and no less than three V.C. companies. Seems at odds with Bob's claim that they "used little, if any, venture capital money". However, I have not information about the history or extent of investment in this company, so I bow to Bob's insider knowledge. (Bob, I thought you were going to stop posting insider knowledge to this list. Or was it that you were going to stop NOT posting ...)
As an aside about Ncipher, while I am sure they are smart guys and will do well, isn't a hardware crypto engine pretty much a commodity product? How can a company like this resist an onslaught from an IBM or an Intel if they decided this niche was large enough to go after?
Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
participants (4)
-
Hal Lockhart -
Robert Hettinga -
Tim May -
Vin McLellan