From: jdd@aiki.demon.co.uk (Jim Dixon)
To: solman@mit.edu
Message Hash: fb210861a3e7a5f06d810839126d0371abba3814428d702f72d7f20d6b8fd8a5
Message ID: <8402@aiki.demon.co.uk>
Reply To: N/A
UTC Datetime: 1994-08-29 12:21:15 UTC
Raw Date: Mon, 29 Aug 94 05:21:15 PDT
From: jdd@aiki.demon.co.uk (Jim Dixon)
Date: Mon, 29 Aug 94 05:21:15 PDT
To: solman@mit.edu
Subject: Re: Is pay-per authentication possible absent trust?
Message-ID: <8402@aiki.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
In message <9408251545.AA22928@ua.MIT.EDU> Jason W Solinsky writes:
>
> Here is the situation. Charles runs a certification agency. He might be
> certifying that you have some basic competency so that people will hire
> you. [etc]
> Either way, Charles's certification is worth money to you. But the value to
> you isn't a constant amount. Each time you use the certification, you derive
> additional value from it. So Charles figures that it makes much more sense
> to sell his certifications on a per use basis... [etc]
> To do this Charles adopts a protocol in which his signatures are time
> dependent. Everybody can verify that his signatures a valid for the time
> at which a signature is required, but only Charles can figure out what
> the correct signature is for time T in polynomial time. [etc]
> Enter Ingve the insurance salesman. Ingve will guarantee to others that you
> are certified by Charles by offering them bets. So suppose that Microsquish
> sends you its advertising agent and the agent is offering a 10 nano-slinkys
> [a cyberspatial monetary unit] bonus if you can produce one of Charles's
> certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've
> told Ingve that you are certified by Charles as a frequent purchaser of big
> brother inside computers. So Ingve says: "I'll convince Microsquish to accept
> my word that you have Charles's certification in exchange for just four
> nanoslinkys. But if at my request you ask for the certification and Charles's
> says you aren't certified then you owe me 64 nano-slinkys." Since you are sure
> that you are certified you accept the deal. Then Ingve goes to Microsquish
> and offers to insure your certification. Each time Microsquish accepts a
> certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys
> but will be able to get your business (and thus offset that with the four
> nano-slinkys). But, if it turns whenever Microsquish wants to it can check
> up on your certification from Charles at cost (8 nano-slinkys). If Charles
> certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and
> Ingve has to pay up Microsquish's insurance claim (which could be quite large
> depending on the policy.
>
> The result of all this is that Charles is cheated out of his revenue. Ingve,
> You and Microsquish profit, but Charles fails to reap the benefits of his
> certification. The question is: Is there a secure method that charles can
> use to prevent the "Ingve the insurance salesman attack"?
This is one of these problems where there is less there than meets the eye.
First, a distinction is made between Charley's type of certification and
Ingve's: Charley provides absolute assurance and Ingve provides a guess.
But in actuality nearly all certification is probabalistic. That is,
Charley goes through some sort of process and decides that he takes very
little risk in offering a certificate. But you can rarely be certain that
anything is true. So both Charley and Ingve guess.
Secondly, when Ingve makes a similar guess, he takes a quantifiable risk.
If he guesses wrong, he pays a penalty to MS. You imply that Charley
takes no similar risk. In fact he must. The risk may be quite visible
(he posts a bond which he can lose, or the customer may sue for damages)
or it may be less visible (customers will stop coming to him if his
certifications are false). So Ingve and Charley both face a penalty if
they guess wrong.
Finally, you throw in a payment to MS so that Ingve pays something when
he issues a certificate, but by omission you imply that Charley's
certificates are cost free. However, if they were, than Ingve's rational
course of action would be to do whatever cost-free mumbo jumbo Charley
does and issue his own certificates. So Charlie's certification process
must have a cost, and so we suspect that in fact Charlie is sometimes
behaving just like Ingve. Sometimes Charlie just skips the expensive
precertification steps and issues a certificate anyway, making an extra
profit. This is a form of self-insurance. So they are both in the
insurance business.
At this point, the distinctions between Charlie and Ingve have largely
vanished. Ingve is just a competitor. MS pays less for Ingve's
certificates because Ingve is known to guess a lot, whereas Charlie is
generally trusted more. You pay less to Ingve for the same reason.
--
Jim Dixon
Return to August 1994
Return to “jdd@aiki.demon.co.uk (Jim Dixon)”
1994-08-29 (Mon, 29 Aug 94 05:21:15 PDT) - Re: Is pay-per authentication possible absent trust? - jdd@aiki.demon.co.uk (Jim Dixon)