Licensing of Trusted Third Parties for the provision of encryption services

Response to public consultation paper

Dr Andrew Findlay
Head of Networking and Systems
Computer Centre
Brunel University
Uxbridge UB8 3PH
Andrew.Findlay@brunel.ac.uk
+44 1895 203066

General comments

The consultation paper deals with the important subject of the confidence that people can have in the use of electronic communications. There are many aspects to the problem, but the two that are of most concern to most people are confidentiality and proof-of-identity. The methods used to provide the confidence that people require are mostly associated with the science of cryptography.

It is unfortunate that cryptography is strongly associated with subterfuge and warfare in the minds of the public and politicians alike. This leads to some irrational positions being taken both for and against the use of cryptography for day-to-day communication. The fact remains that cryptography can provide a much stronger assurance of the authenticity and confidentiality of a document or message than any traditional paper-based system.

The consultation paper makes the point that Trusted Third Parties (TTPs) are essential to the practical use of cryptographic techniques. This assertion is backed up by drawing the definition of a TTP so widely (para 74) that any person or organisation providing a service related in any way to cryptography would be covered by the definition. By providing penalties for operating an unlicensed TTP, the current proposals would create a legal minefield that would severely jeopardise the development of secure networks within and between co-operating organisations.

Identity

One of the declared functions of a TTP is (para 40): "A TTP can also assure the user of the trustworthiness of another user to the extent that they are who they claim to be." This is a laudable aim, but it raises a fundamental question: What is the meaning of the identity that the TTP proves?
In 'official' usage, a person's identity might be established by their birth certificate, and linked to the Social Security numbers, NHS numbers, Passport numbers, and other government-issued IDs that flow from it. Even this apparently simple case is fraught with difficulty: it is well known that many UK citizens do not have birth certificates - consider the case of naturalised immigrants, or of travelling communities for example.

In practice, people have many identities: bank accounts, club membership cards, trading names, and many less formal but still important 'handles'. There is no reason why all these identities should be linked together or to a birth certificate. Indeed, when the Privacy Enhanced Mail standard was first proposed, it was explicitly recognised that there would be a need for provable but anonymous identities.

In the case of organisations, it is clear that a Board of Directors could apply under their official seal for a TTP registration in the name of the company, but what about the constantly changing lower levels? How should a TTP establish the right of a department to register its public contact points? How should a less formal entity like an amateur dramatics society prove its right to a TTP registration?

The role of a TTP

In view of the statements above, the role of a TTP needs a careful re-definition. For many purposes the 'absolute' identity of a person or organisation is not relevant or meaningful. What is needed is a persistently-provable identity, so that a communication partner can prove that they are 'the same person that you were talking to yesterday'.

The cost of a TTP service

The public TTPs proposed by the consultation paper would have severe restrictions placed on their operations. I believe that only the very largest companies would be prepared to take on the work and risk involved. In practice this might mean the large credit-card issuing consortia.
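The persistently-provable identity described under "The role of a TTP" above can be illustrated with a key-continuity check: the receiving side records the public key seen at first contact and thereafter accepts only messages signed under that same key. The Go program below is an added example written for this edition of the response, not code from the original paper or its author. It assumes Ed25519 signatures, a locally chosen handle for each correspondent, and an in-memory store of first-contact keys; all names and sample messages are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Partner is what one side remembers about a correspondent after first contact:
// a locally chosen handle plus the public key (and its fingerprint) seen then.
// No claim is made about who the correspondent "really" is.
type Partner struct {
	Handle      string
	Fingerprint string
	PublicKey   ed25519.PublicKey
}

// SignedMessage is a message carrying the sender's handle, claimed key and signature.
type SignedMessage struct {
	Handle    string
	PublicKey ed25519.PublicKey
	Body      []byte
	Signature []byte
}

// KnownPartners is the receiver's local continuity store (constructed, in-memory).
type KnownPartners map[string]Partner

var (
	ErrKeyChanged   = errors.New("key for this handle differs from the one recorded at first contact")
	ErrBadSignature = errors.New("signature does not verify under the recorded key")
)

// fingerprint gives a short, stable identifier for a public key.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Sign produces a SignedMessage from the sender's private key.
func Sign(handle string, priv ed25519.PrivateKey, body []byte) SignedMessage {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedMessage{Handle: handle, PublicKey: pub, Body: body, Signature: ed25519.Sign(priv, body)}
}

// Receive enforces continuity. On first contact the presented key is recorded
// (trust on first use) and firstContact is true. On later contact the message
// must present the recorded key and verify under it; any other key for the same
// handle is refused, which is what "the same person as yesterday" means here.
func (kp KnownPartners) Receive(msg SignedMessage) (firstContact bool, err error) {
	known, seen := kp[msg.Handle]
	if !seen {
		if !ed25519.Verify(msg.PublicKey, msg.Body, msg.Signature) {
			return false, ErrBadSignature
		}
		kp[msg.Handle] = Partner{Handle: msg.Handle, Fingerprint: fingerprint(msg.PublicKey), PublicKey: msg.PublicKey}
		return true, nil
	}
	if fingerprint(msg.PublicKey) != known.Fingerprint {
		return false, ErrKeyChanged
	}
	// Verify against the stored key, never against the key in the message.
	if !ed25519.Verify(known.PublicKey, msg.Body, msg.Signature) {
		return false, ErrBadSignature
	}
	return false, nil
}

func main() {
	_, alice, _ := ed25519.GenerateKey(rand.Reader) // constructed correspondent
	_, impostor, _ := ed25519.GenerateKey(rand.Reader)
	store := KnownPartners{}

	first, err := store.Receive(Sign("alice", alice, []byte("hello, day one")))
	fmt.Println("day one: first contact =", first, "err =", err)

	first, err = store.Receive(Sign("alice", alice, []byte("hello again, day two")))
	fmt.Println("day two: first contact =", first, "err =", err)

	_, err = store.Receive(Sign("alice", impostor, []byte("it's me, honest")))
	fmt.Println("different key for same handle: err =", err)
}
```

The store never tries to establish an 'absolute' identity; it only proves that the holder of a particular key is the same party seen before, which is exactly the distinction the response draws. Binding that key to a name on a birth certificate or a company seal is the separate, and costlier, service that a licensed TTP would provide.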
On this assumption, and also assuming that no strong identity check would have to be performed by such a TTP, I believe the cost of a TTP registration would never fall below ten pounds per year in 1997 prices. Initially it might be very much higher.

TTPs and Universities

The UK's Universities are a good example of a group of loosely-connected organisations with some interests in common and some areas of competition. One area of common interest is that of obtaining good value from providers of goods and services, and several consortia have been set up to negotiate the deals. A particularly relevant activity is that of obtaining access to online database services for research and teaching. The providers of the databases normally impose requirements on the universities to ensure that only bona-fide university members can get access to the services. At present the implementation of these requirements often involves distributing usernames and passwords for each service to each potential user. This has already become an administrative nightmare, and work is starting on ways to provide 'single sign-on' for all services whether provided on-campus or remotely.

It is fairly obvious that such a single-sign-on system will have to involve cryptography if it is to be trusted, so under the rules proposed in the consultation paper there must be at least one TTP involved. There are about one million people involved in UK Higher Education at any one time, and it is a very cost-sensitive business. Purchasing commercial TTP services for this population at ten pounds per head per year is out of the question, but the universities could run a distributed TTP service adequate to their needs for considerably less. I estimate that my own institution, Brunel University, could provide a proof-of-membership TTP service to its members for well under one pound per person per year if we were allowed to define the service and security parameters to suit our own needs.
Under the rules proposed in the consultation paper it would not be permitted for a non-licensed university TTP to be used for communication with suppliers, thus blocking this very important avenue of development.

A proposal

There is obvious merit in a network of TTPs that can be trusted by the general public to behave in a certain way. There are also requirements that are better met by less formal and less costly structures. I therefore propose that if legislation is to be introduced on this subject, it should create two classes of TTP:

Class 1 TTPs would have the strong licensing, liability, and operational requirements currently being proposed for all 'public' TTPs.

Class 2 TTPs would not have any legal requirements placed upon them.

The benefit of using a Class 1 TTP would be that communications issued under its aegis would have a defined legal standing, whereas those authenticated by a Class 2 TTP would not have a legal meaning unless the parties concerned agreed to assign one. Class 1 TTPs would not authenticate certificates issued by Class 2 TTPs, so there would be no confusion about the status of any given communication.

Comments on specific paragraphs

Para 42: 'Use of licensed TTPs is voluntary': The definition of a TTP is drawn so widely that anyone handling or storing certificates is likely to be covered. This would apparently make a provider of Directory services liable for licensing if they stored users' X.509 certificates. This is rather like saying 'eating is voluntary' - true in theory but not in practice.

Para 43 and 44: Positive Licensing: Mandatory licensing is NOT necessary for consumer confidence if it is accepted that there will be many TTPs with different spheres of operation. As an example, I would be quite prepared to trust my credit-card issuer to authenticate financial transactions within my credit limit, but would not want to trust them to authenticate my vote in a parliamentary election.
Para 48-50: Exclusions from licensing requirement: The exclusions are not wide enough for an organisation to feel safe in running its own services. Most organisations have ill-defined boundaries and it would be risking criminal prosecution to provide TTP-like services to people who might be deemed to be 'outside' the organisation.

Para 57: Licence conditions: Much power is given to the Secretary of State in this paragraph, with the effect that the entire character of the legislation could be modified by changing the conditions.

Paras 68/70: Exemptions: I have argued in earlier sections that there should be no broad-based requirement for licensing. Specific exemptions would just fix individual problems caused by the introduction of such a prescriptive law, while leaving others to impede progress.

Para 72: Prohibition of offering/advertising: It is no longer practical to prevent advertising from abroad from reaching UK citizens in large quantities.

Para 87: Liability for disclosure: A TTP would be placed in an impossible situation if it had to carry the burden of proof that a client had disclosed their own keys. Client keys may well be stored or processed on poorly-managed personal computers, and it has been shown to be extremely easy to subvert the operation of such equipment without leaving auditable traces.

The author

Dr Findlay obtained his BSc and PhD degrees at the Department of Cybernetics at Reading University. After several years teaching computing on the Special Engineering Programme at Brunel University he was appointed Head of Networking and Systems in the University Computer Centre. In that post he has responsibility for the design and operation of a network supporting 4000 computers and 20000 registered users spread across four sites.
He is a past chairman of the Information Technology Professional Group of the Institution of Electrical Engineers, has organised several UK and European computing conferences, and is a regular speaker on computer security matters.

~andrew/docs/security/response-to-dti-ttp-proposals
28 May 1997