Re: [saag] Channel binding is great but not a silver bullet

Stephen Kent <kent@bbn.com> Tue, 03 March 2009 00:24 UTC

Return-Path: <kent@bbn.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD49028C1F9 for <saag@core3.amsl.com>; Mon, 2 Mar 2009 16:24:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.176
X-Spam-Level:
X-Spam-Status: No, score=-2.176 tagged_above=-999 required=5 tests=[AWL=0.423, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3nJZ9kE0+72L for <saag@core3.amsl.com>; Mon, 2 Mar 2009 16:24:14 -0800 (PST)
Received: from mx3.bbn.com (mx3.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id DAD9C28C205 for <saag@ietf.org>; Mon, 2 Mar 2009 16:23:07 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15] helo=[10.71.0.151]) by mx3.bbn.com with esmtp (Exim 4.63) (envelope-from <kent@bbn.com>) id 1LeIQ1-0006Ab-Bt; Mon, 02 Mar 2009 19:23:33 -0500
Mime-Version: 1.0
Message-Id: <p06240800c5d2020dabec@[128.89.89.88]>
In-Reply-To: <20090302160035.GF9992@Sun.COM>
References: <2788466ED3E31C418E9ACC5C3166155768B2CB@mou1wnexmb09.vcorp.ad.vrsn.com> <0c2301c9979f$8a1cd770$0600a8c0@china.huawei.com> <2788466ED3E31C418E9ACC5C3166155768B2CE@mou1wnexmb09.vcorp.ad.vrsn.com> <20090226143809.GF7227@mit.edu> <1235663917.3293.16.camel@localhost> <20090226165448.GK9992@Sun.COM> <tslprh5rlvt.fsf_-_@mit.edu> <20090302160035.GF9992@Sun.COM>
Date: Mon, 02 Mar 2009 19:22:31 -0500
To: Nicolas Williams <Nicolas.Williams@sun.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: saag@ietf.org
Subject: Re: [saag] Channel binding is great but not a silver bullet
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2009 00:24:14 -0000

Nico,

I'm unclear on the exact constraints you're trying to satisfy with 
the channel binding model, but here are some observations anyway.

Mutual authentication is certainly desirable for most communication 
contexts. But, in contexts where neither party has a relationship 
with the other a priori, I don't think there is any magic bullet.

The primary, large scale, global PKI to which PHB alluded is the only 
major example we have where a user can get a reasonable level of 
assurance for one-way authentication. That model enables a 
(conceptually simple) transition to two-way, cert-based 
authentication, where each web site can act as a CA for its users. 
However, the poor tools we have to manage a plethora of certs from 
these narrowly-scoped CAs makes it hard for users to buy into that 
model.

In other parts of the world (especially in Asia) there are large 
PKIs that serve substantial user communities. Often governments take 
the lead in issuing certs to individuals in these PKIs, and in 
creating CAs or bridge CAs to certify government and private sector 
organizations.

But, none of this is free. Absent government subsidies, mandated use, 
or hidden taxes, one ought not be surprised by business models that 
require users and/or web site owners to pay for certs.  After all, in 
most contexts, at best you get what you pay for :-).

The lack of a single credential that authenticates a user to 
everywhere is a good thing from a privacy perspective. Federated 
identity management schemes create lots of opportunities to link 
islands of authenticated users (and organizations), but they have 
severe drawbacks re security. I tend to think of such schemes as 
having all the charming features of Wikipedia :-).

Steve