Concerns from N. Borenstein of First Virtual

Input from First Virtual

Date: Thu, 23 Feb 1995 18:50:36 -0500 (EST)
From: Nathaniel Borenstein 
To: Tim Berners-Lee 
Subject: My comments for yesterday
Cc: Darren New 

Tim -- Here are the comments I sent with Darren yesterday; he said you'd
like an ASCII version.

I'm sorry I missed the meeting, I hope I can make the next one!  -- Nathaniel
----------------
                  NSB Concerns -- W3O Security Meeting

              Nathaniel Borenstein, First Virtual Holdings
                            February 20, 1995

I'm sorry I can't be present for the February 22 W3O security meeting. 

I wish you a productive meeting in my absence.  I have a few concerns
that I would like to see addressed in the context of the ongoing
convergence efforts, and that I had hoped to raise in person.

First, I am concerned about the emerging "standards triangle" formed by
the combination of email, WWW, and encryption technology.  There are
already some problems that arise from the slight differences in MIME
usage between email and the Web.  The current state of the SHTTP
proposal (12/94 Internet Draft) threatens to make this situation far
worse, because it is based on the OLD version of PEM (RFC 1421).  


As many of you know, the PEM community last year produced an Internet
Draft for a new version of PEM that moves PEM much more closely into
line with MIME.  Even more important, they did this with a very general
construct, "multipart/security", which is intended to be more widely
applicable to MIME security types than just for PEM.  At about the same
time, Phil Zimmerman and I produced an Internet Draft on MIME-PGP
integration, that threatened to only widen the schism.  However, in the
fall, Phil Zimmerman, Jim Galvin, and I had a "meeting of the minds" and
agreed in principle to try to move the MIME-PGP work into the
multipart/security framework.  Further, Phil and Jim agreed to try to
make the PGP and PEM keys interoperable, which would be a huge step
forward for real security standards.

In short, there is reason to believe that the MIME, PEM, and PGP
communities are actually all converging on a standardardized wrapper for
the representation of signed and/or encrypted MIME entities.  Given that
HTTP (and SHTTP) are used for the transmission of MIME entities, I think
that it is a serious mistake to commit to a different path. 

Unfortunately, this is just what is done by the current SHTTP
specification, insofar as it based on the old, obsolete version of PEM
and insofar as it invents MIME extensions that are incompatible with
those being adopted for email use (e.g. the invention of
Content-Privacy-Domain).

Second, and perhaps even more important, I think it is critical that the
W3O security work should address the issue of certification authorities.
 Encryption and authentication provide misleading assurances in the
absence of such authorities.  Server-based certification is good as far
as it goes, but it is vital that the certification authorities
themselves be certified.  It must be the case that the user of a
NetScape browser can verify the identity of an OpenMarket server, and
that the user of a Spyglass browser can verify the identity of a
NetScape server.  Failure to address these issues is a guaranteed recipe
for failures of interoperability, and will push the community towards
either chaos or monopoly.  To my mind, this suggests an imperative need
for a certification authority that is vendor-neutral, perhaps under the
auspices of W3O or IETF.  First Virtual would be happy to help support
the creation of such an authority, in cooperation with other consortium
members.

Third, although, we completely support the lack of requirement, in
S-HTTP, for client-side certificates, we think it is vital that the
emerging security infrastructure for WWW must *permit* such
certificates.  Making this an optional feature at the protocol level is
not enough.  In the absence of a coherent plan for certification
authorities, client-side authentication will never happen.  


The absence of an open and large-scale certification infrastructure will
cause several major problems.  In particular, it is necessary for the
integrity of such vital commercial applications as credit card
transactions, where even an encrypted transaction is vulnerable to all
the "card not present" risks and regulations.  In the absence of
certification, Internet-based credit card transactions will be AT BEST
no less prone to fraud than telephone-based credit card transactions. 

Moreover, this 'best case" will not happen because the existence of
merchants on the Internet with credit card databases will itself open up
new avenues for fraud.  If credit cards are to be transmitted over the
Internet, even with encryption, it is ultimately necessary, for
security, that their senders be authenticated.

Additionally, small would-be entrepreneurs working with freeware servers
will need access to a certification authority.  Insofar as the only
certification authorities are provided by commercial vendors, the W3O
will have effectively precluded the use of freeware servers for
commercial transactions.  This is a radical departure from Internet
traditions, and one that First Virtual opposes.  (We realize that any
module that uses RSA encryption will have to satisfy certain legal
requirements for commercial use; however, we do not wish to preclude the
use, for example, of legal versions of PGP in conjunction with freeware
servers.)

I hope that the meeting can address these concerns and make continued
progress towards a generally interoperable security structure for the
Web.  I'm sorry I can't be present, and I hope to see you all at future
meetings.  -- Nathaniel