Title:

Let A Thousand (Ten Thousand?) CAs Reign

Author:

Stephen Kent

Affiliation: BBN Corporation

Abstract: Early models of formal (e.g., as opposed to the informal PGP-style) certification systems often embodied a notion that a single certificate could be issued to a user to represent that user in a multitude of interactions with many different services. However, establishing certification authorities (CAs) that try to satisfy many different requirements has proven difficult. A company operating a generic CA service must balance liability concerns, acceptable cost models, levels of authentication assurance, and name space issues.

Another approach to certification, motivated by the observation that individuals have many existing relationships with various organizations, is gaining popularity. This approach leverages existing databases maintained by organization to track employees, customers, members, etc. The identities that form the keys to these databases are typically account numbers, name forms that have only local significance. Certificates issued by organizations not for general use, but focused on a specific application, avoid many of the problems facing generic CAs. For example, liability can be well understood because the certificate is bounded in its use. The level of assurance for authentication is determined solely by the issuer, in the context of the application, and the issuer's database provides data associated with the subject that may be used to support online registration with fairly high levels of assurance. Naming problems disappear because the subjects are already assigned names (of only local significance) in the issuer's database.

This model of certification is not a panacea; it would not be ideal for applications such as global e-mail and it certainly is not designed for distributed system environments (e.g., DCE or CORBA). It is best suited to certificates issued to individuals for user-organization interactions, as opposed to certificates issued to organizations for inter-organization interactions. However, many of the relationships (affiliations) that characterize everyday life do fit this model nicely. Moreover, with simple web browser features, the problems of selecting the right certificate for a specific interaction can be made automatic, so that users are not burdened by the plethora of certificates that would result from this model.

X.509 version 3 certificates are well suited to implement this model of certification, making use of the "standard" extensions, e.g., the General Name forms supported by the Issuer and Subject Alternative Name extensions. Moreover, the flexibility provided by many other X.509 v3 extentions facilitate controlled cross-certification, in those instances where it is appropriate.

For more information, contact kent@bbn.com