From: Vin McLellan <vin@shore.net>
Date: Tue, 27 Oct 1998 06:53:40 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and  Sending the Wizards Back to Menlo Park
In-Reply-To: <v04003a08b2551ff61c93@[198.115.179.81]>
Message-ID: <v04003a04b257b75fea2c@[198.115.179.81]>
MIME-Version: 1.0
Content-Type: text/plain



[Subtitle:"Identity, Authentication, & Dunkin Donut Mysticism."]

	At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of
SDTI/RSADSI fans (and, evidently, retainers), wrote:

>> 	Hettinga's apparent scorn for modern cryptography's obsession with
>> strong authentication  -- now manifest in the intensity with which
>> professionals worry the issues around PKC binding, key certification,
>> digital signatures, CA procedures (and in the demand for smartcards to
>> secure X509 certs apart from the networked CPU) -- bespeaks a truly
>> iconoclastic mind.

	At which, Mr. Hettinga took a bow ("Thank you. I think.") and
proceeded to argue for his Vision, yet again:

>Look, folks, "strong authentication" is not the problem. It's biometric
>*identity* which is the problem. Cryptography gives us the ability to do
>away with "identity"-based key-mapping altogether. A key is a permission to
>do something specific with a microprocessor, no more, or less. It doesn't
>"mean" anything else. Certainly, if you go back and look at the actual,
>legal, definitions of "signature", or "certificate", they don't mean what
>people like Verisign (or say, the State of Utah) says their authentication
>technology does.

	But what if we don't _want_ to lose the link between a key (think
of it as a secret) and the identity of a biological entity?

	What if -- instead of anonymity -- our goal is accountability?

	Truth is, I don't think we're reading from the same page here.

	(Or maybe, more to the point, we've been working in different
dimensions.)

	It strikes me that while Mr. Hettinga and other e$ seers may have
spent the past decade considering how to allow transactional exchanges to
escape a human linkage, most professional sysops and network managers have
been concerned with how to strengthen the linkage between on-line accounts,
actions, and audit trails -- and the humans to which a user's account has
been assigned.

	In this context, any capacity of modern cryptography "to do away
with 'identity'-based key-mapping" is irrelvant or worse. The mechanics of
"user authentication" -- validating that a remote human is indeed the same
human earlier enrolled and assigned a user account on this computer system
-- are the foundation of whatever we know about computer and network
security today.

	It may be that the structure and requirements of contemporary
corporate networks are irrelevant, just so much background babel, to
e-commerce visionaries like Rob and others on the e$ lists. This is a
problem in both cultures. Mr. Hettinga intones:

>Software will be utterly replicable and will be sold recursively, and
>untraceably, on a bearer basis, primarily because that's the cheapest way
>to safely trade money for information on a ubiquitous geodesic public
>network.

	... and I nod, a closet Hettinga fan. I trace the outline of his
spiel in my mind like an M.C. Escher tessellation: bug-free software,
stateless utopias, and buyers careless of liability. Charming. 2lst Century
stuff. Maybe. Maybe not.

	Then I turn back to the bet-your-business questions of data and
system security, where (even with a batch of theory that is universally
accepted) implementation hassles routinely swamp practioners.

	The mundane management and control issues associated with system
and network access, and the range of privileges granted to an on-line
entity, remain a vexing problem.  The difficulty and sometimes the cost of
managing reliable "user authentication is an issue;" more often, however,
the core problem is that the owners of systems and networks aren't
convinced the value of the data and systems they have online deserves a
per-user security investment equal to, say, a modem.

	User Authentication, not coincidentally, is the business of SDTI.

	In large part because of the magic of RSA and PKI, the mechanical
and virtual options for user authentication are changing, even as the
fundamentals remain the same.

	In enterprise networks; in extended Extranets; in business to
business connections that replace, enhance, or mimic EDI -- there is great
hope that scalable PKI will allow not only confidentiality and strong
authentication, but also the other cryptographic services possible only
thru public key cryptography: digital sigs for message and source
authentication, non-repudiation (with a trusted Current Time source), and
confidential communications between parties which have had no prior
contact.

	Nitty-gritty wonderful stuff.

	PKI (and the "'identity'-based key-mapping" that Mr. Hettinga is so
eager to do away with) are viewed with great hope among many if not most IT
professionals. Corporate security managers hope that the utility and power
of PKC's extended capabilities will define this security technology as an
"enabler" -- something users want because it makes their work easier --
rather than the auditor-mandated burden that security mechanisms have
traditionally been.

	For 30-odd years, info security professionals have used a model
which declares that there are only three ways for a machine to validate or
authenticate that a remote human is the person who was initially identified
and enrolled (by a trusted Admin) as the user authorized to use a computer
account:

_"something known," a memorized password or PIN;
_"something held," a physical token that can be carried as a personal
identifier; or
_"something one is," a biometric like a fingerprint or voiceprint.

	Graybeards like myself tend to filter all the rumpus about
corporate PKIs and global/local keys through this traditional model -- if
only because many crypto mavens seem so thoughtless about leaving a
potentially powerful piece of data (an PKC private key) relatively
unprotected on a PC or networked workstation.

	The industry's traditional definition of "strong" authentication
demands that an authenticating CPU require direct evidence of at least two
of the three modes of ID authentication before a user is allowed access to
protected resources. (The idea is that an attacker would have to subvert at
least two independent systems to corrupt the authentiation.)

	[For those unfamiliar with the company, SDTI's bread and butter
business is this two-factor authentication. The company is best known for
the three or four million SecurID tokens it has shipped: key fobs or
credit-card sized tokens which continually and automatically hash a secret
seed and Current Time to generate a 6-8 digit alphanumeric "tokencode."

	[SDTI's authentication server, called an ACE/Server, manages the
records of tens of thousands of concurrent SecurID holders and validates or
rejects two-factor authentication calls (a tokencode and a memorized PIN)
which are relayed through a network of outlying ACE/Agents (which are often
embedded in other third-party network products.) Due to the popularity of
the SecurID with users, ACE/Agents are all but ubiquitous. Virtually all
commercial VPNs, firewalls, communication and terminal servers -- multiple
product lines from some 60 independent vendors, from Oracle to IBM -- ship
with ACE/Agent code embedded in them. See: http://www.securid.com/partners ]

	Meanwhile, for one possible future, Mr. Hettinga promotes a
crypto-anarchic buyer/seller paradigm:

>...control of a given cryptographic key is completely orthogonal to
>the idea of identity. You can map an identity to it, but you don't have to,
>because possession of the key is "permission", "authority", enough, all by
>itself. *Who* you give permission to, by name, fingerprint, or physical
>address, doesn't matter....

	Ummm. *Who* matters a great deal to the pros who run today's
networks. Security, audit, and accountability all presume a firm grip on
who is on-line and what he's doing. (Different dimensions, right?)

	For access and privilege managment in PKI-enhanced corporate
network, most of us want -- at the very least! -- an RSA key/secret firmly
mapped to a user/identity.

	[Mind you, until that private or secret key is further protected by
being encased in a token-like smartcard or PCMCIA card -- and until that
smartcard _also_ requires a memorized password or PIN to access or use that
key -- veteran network or system managers will never be comfortable with a
PKC-based authentication...despite the wonderfully grandular controls PKI
can offer on networked resources.  Truth is, we all know that networked PCs
are risky platforms -- so until _all_ the crypto processing is shifted off
the PC to the isolated smartcard, infosec pros will worry and kvetch.
Expect it.]

	Readers who have the patience to read Rob's essays are probably
still with me, so let me point out that this cross-dimensional cat fight
only began when Mr. Hettinga stomped on SDTI and used the companies' recent
travails in the stock market as a launching pad for another essay into the
stratosphere. Were the original post a discussion of the Dow, or even
SDTI's stock price, I'd just duck and run.

	(Frankly, I don't understand the stock market... and, unlike Mr.
Hettinga, I don't have a great deal of respect for the opinions that seem
to inform it. To me it's mostly tulip speculation. Mr. H's pal, "Anonymous"
-- who made his bones with the declaration that SDTI's ACE/SecurID
authentication system is doomed because it is ten years old -- was offering
what many brokers refer to as an in-depth analysis;-)

	I only challenged Mr. Hettinga because his initial comments about
SDTI seemed to indicate such vast ignorance of the contemporary security
market.

	No one who knows anything about SDTI and that market would say that
the only thing SDTI has that is worth anything is its stake in Verisign
(and, of course, it was Rob, not the Globe, who said that.)

	In the absence of ubiquitous smartcard readers, it seems to me
equally foolish to declare that X509 certificates make SecurID and similar
two-factor tokens "obsolete" (and, of course, it was Rob, not the Globe,
who said that too.)

	"Close enough for an Internet rant" doesn't cut it as an apologia
-- not when a prominent commentator smears a public company on a half-dozen
widely-read Internet forums. (Meaning no insult, Rob, but there is a
modicum of responsibility that goes along with all those seats at the front
table.)

	Seemingly piqued by the response to his initial comments, Mr.
Hettinga then got down to a little bare-knuckle company valuation:

>In the meantime, Vin, hang on to your SDTI stock, but probably just for
>it's residual value to some future investor, like SDTI evidently bought
>RSADSI for its own residual value, and, aparently, for whatever mystical
>value the market now puts on Verisign.

	What SDTI _does_ have -- as even the Globe's thumbnail sketch
acknowledged -- is a huge installed base and the stature of a sophisticated
market leader in a dynamic market. SDTI also has a trust relationship with
its customer base, the corporate network managers, that is the envy of many
real or potential competitors. (RSADSI, the SDTI subsidiary, is rather
tight with its customers -- the commercial software developers -- as well.
Both firms have also excelled at developing mutually- advantageous
partnerships with multiple companies.)  For most of the 1990s, SDTI has
also fielded the largest dedicated sales force in the world selling
computer security.

	Against a field of a half-dozen competitors who sell two-factor
authentication systems, SDTI owns over half the market. Among the choice
corporate customers who have installations with more than 1,500 seats, I'd
guess SDTI has over 70 percent of the market.  Among the Fortune 100,
two-thirds of them rely on SecurIDs and ACE authentication servers.

	Potent evidence of SDTI's stature among its customers is in the
results of a recent survey of hundreds of NT network managers by the highly
respected SANS Institute. See: http://sans.org/powertools.htm  Check out
what vendors and security technologies they trust most. Check out what
percentage of SDTI's current customers recommend the company and its
products to others!

	Entrust, NAI, SCC et al would kill for those 90-plus percent
numbers;-)  And the same survey, done today, would probably earn SDTI even
higher marks with their new PKI-based Domain Authentication for NT.

	Quiz: What dbts market commentator airily preaches: "[If] you don't
go looking for money anywhere but in your customer's pockets, you'll do
just fine."  It couldn't be the same guy who's now reeling off these pious
but opaque little fables, could it?

>So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds
>me an awful lot of that old joke about the two old Texas spinsters who,
>walking down a dusty road, came across a talking frog claiming to turn into
>an oil baron, if only one of them would kiss him to prove it.
>
>"A talking frog", said one of them, putting the frog in her apron pocket,
>"is worth something."

	(Hummmm. Betcha froggie -- even if he just wanted a kiss -- would
have taken the time to find out something about the oil business before he
claimed to be an Oil Baron.  Not all self-declared market analysts are so
meticulous;-)

	There are folks who are certain that Y2K will be blessed with the
Second Coming.

	And then there is Mr. Hettinga, Anonymous, and others who have a
gleeful vision of doom, debt, and dismal ROI for Security Dynamics.

	I find both suspect. Luckily, in both cases, we can get the truth
(or at least a consensus one way of the other) within a year or so. I
wouldn't want to wager on the Lord's Schedule, but in the case of SDTI's
fortune and fate -- well, either the Doomsday Prophet or the Optimistic
Courtier will be proven a fool fairly quickly.

	(What's say, Robert?  A New Millenium wager? Winner gets his choice
of either a case of decent wine or a box of hollow points on 01/01/00?)

	Suerte,
		_Vin



-----
      Vin McLellan + The Privacy Guild + <vin@shore.net>
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
                         -- <@><@> --