Activation energy vs. activation errors
I've used, designed and maintained PGP extensively from the early days where no part was user friendly up to the current day where post-activation use is very slick. I've also used, designed and maintained PKIs for years. In both cases for Fortune 1000 companies.
In my opinion, for the user (let's assume that the infrastructure was designed and installed by experts), PGP requires slightly more activation energy than PKI. In both cases, performing signature and encryption requires that both users have been provisioned with key pairs. The cryptography involved is basically the same. Both products use the appropriate keys to verify the other party and securely exchange a secret (symmetric) key. Back to activation... at this point, let's assume that the PGP user publishes his public key to a PGP key server and the PKI user publishes his key (with X.509 certificate) to an LDAP directory. Now, if Alice and Bob have both done this, when they want to email each other for the first time, one can query the appropriate server for the other's public key and associate it with the other's contact record in their email app. Whether Alice and Bob were using PKI or PGP, the activation energy has been the same to this point. But wait... the PKI users are done, but the PGP users still have more work to do.
Here's where PKI wins out both in security and ease of activation. With PKI, the hierarchy of trust is done; Alice and Bob trust each other without having to think about anything. If they were using PGP, they have no way of knowing whether or not they can trust the public keys they have for the other user. Now Alice and Bob must check each other's key fingerprint and compare it against what the other says theirs is. This MUST be done out of band. That means that Alice and Bob need to make a phone call, send a fax or write a letter to get the fingerprint to the other. The point of secure mail is that you don't trust the transport mechanism, so you can't trust fingerprint validation to the same medium.
Wait, there's more... what happens when Bob is kidnapped by spies? Fired? With PKI, key revocation is centralized and checked against the central source at every use. With PGP, only Bob can revoke his key, or Alice can break the trust on her end, assuming she knows that Bob was fired. There are other methods for key revocation depending on how the trust was built, for instance, if someone in the chain of trust were to revoke their trust of Bob, but this is complex and the lack of a standardized trust model leaves too much to both chance and error.
The worst part of all this is that you are putting the trust model in the hands of the end user. The average end user does not want to know how it all works and will not perform the proper diligence. This means that the trust model is broken from an operational standpoint.
PGP is fantastic for those of us who are nerds and understand complex trust models, but PKI is the only way to go for ease of use and maintaining strong trust for end users.

- Posted by: markgamache
- Posted on: 08/09/05
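The two trust models the post contrasts, reduced to a runnable toy. This is an added example, not code from the post, from OpenPGP or from any PKI product. It assumes a keyed HMAC as a stand-in for a real CA signature (so the relying party holds the CA's verification secret instead of an RSA/ECDSA public key), constructed byte strings in place of real public keys, and a SHA-256 fingerprint grouped the way OpenPGP users read one aloud. The PKI side decides trust from the issuer's signature plus a central revocation list; the PGP side decides it only after the fetched key's fingerprint matches the one obtained out of band, and revocation there is purely local to one keyring.

```python
"""Toy model of hierarchical (PKI) vs. direct-verification (PGP) trust.

Constructed example. HMAC stands in for a CA signature so it runs on the
standard library only; keys and names are made up.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Set


def fingerprint(pubkey: bytes) -> str:
    """Fingerprint a user can read over the phone: first 160 bits of
    SHA-256(key) in 4-hex-digit groups (OpenPGP v4 hashes the key packet
    with SHA-1; the grouping idea is the same)."""
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


# ---------- hierarchical (X.509-style) trust ----------

@dataclass
class Cert:
    subject: str
    pubkey: bytes
    issuer: str
    signature: bytes  # HMAC(issuer_secret, subject || pubkey), stand-in for CA signature


def issue_cert(subject: str, pubkey: bytes, issuer: str, issuer_secret: bytes) -> Cert:
    sig = hmac.new(issuer_secret, subject.encode() + pubkey, hashlib.sha256).digest()
    return Cert(subject, pubkey, issuer, sig)


def verify_cert(cert: Cert, roots: Dict[str, bytes], crl: Set[str]) -> str:
    """Return 'trusted' or the reason a relying party must reject the cert.
    The user never compares fingerprints; the CA and the CRL decide."""
    if cert.issuer not in roots:
        return "untrusted issuer"
    expected = hmac.new(roots[cert.issuer], cert.subject.encode() + cert.pubkey,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, cert.signature):
        return "bad signature"
    if cert.subject in crl:
        return "revoked"
    return "trusted"


# ---------- PGP-style direct verification ----------

@dataclass
class Keyring:
    """One user's keyring. A key fetched from a key server is usable only
    after its fingerprint is confirmed over a channel other than email."""
    keys: Dict[str, bytes] = field(default_factory=dict)  # user -> key from server
    verified: Set[str] = field(default_factory=set)

    def fetch(self, user: str, pubkey: bytes) -> None:
        self.keys[user] = pubkey  # arrived over the untrusted network

    def confirm_out_of_band(self, user: str, spoken_fingerprint: str) -> bool:
        """Compare the fingerprint heard by phone/fax with the fetched key's."""
        if user not in self.keys:
            return False
        ok = hmac.compare_digest(fingerprint(self.keys[user]), spoken_fingerprint)
        if ok:
            self.verified.add(user)
        return ok

    def can_encrypt_to(self, user: str) -> bool:
        return user in self.verified

    def revoke_locally(self, user: str) -> None:
        """Revocation as the post describes it: only this keyring forgets the
        key; every other keyring keeps trusting it until its owner hears."""
        self.verified.discard(user)


def demo() -> dict:
    bob_key = b"bob-public-key-bytes"          # constructed stand-in
    mallory_key = b"mallory-public-key-bytes"  # key swapped in on the wire

    # PKI: CorpCA issued Bob's cert; later HR adds Bob to the CRL and every
    # relying party sees the revocation at the next check.
    ca_secret = b"corp-ca-secret"
    roots = {"CorpCA": ca_secret}
    bob_cert = issue_cert("bob", bob_key, "CorpCA", ca_secret)
    pki_before = verify_cert(bob_cert, roots, crl=set())
    pki_after = verify_cert(bob_cert, roots, crl={"bob"})

    # PGP: Alice fetches a key claiming to be Bob's; only the phone call decides.
    alice = Keyring()
    alice.fetch("bob", mallory_key)
    substituted = alice.confirm_out_of_band("bob", fingerprint(bob_key))  # mismatch
    alice.fetch("bob", bob_key)
    genuine = alice.confirm_out_of_band("bob", fingerprint(bob_key))

    carol = Keyring()
    carol.fetch("bob", bob_key)
    carol.confirm_out_of_band("bob", fingerprint(bob_key))
    alice.revoke_locally("bob")  # Alice heard Bob was fired; Carol did not

    return {
        "pki_before_revocation": pki_before,
        "pki_after_revocation": pki_after,
        "substituted_key_accepted": substituted,
        "genuine_key_accepted": genuine,
        "alice_trusts_bob": alice.can_encrypt_to("bob"),
        "carol_trusts_bob": carol.can_encrypt_to("bob"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `carol_trusts_bob` result is the operational gap the post is pointing at: after Alice drops Bob's key, Carol's keyring is unchanged, whereas the PKI path returns `revoked` for everyone as soon as the CRL entry exists.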