
Comment Snail mail, PKI & Implied Trust (Score 1) 91

Snail mail has always given us the benefit of receiving the same object that was mailed. The object is usually signed in some way which verifies it comes from the sender. This could be a handwritten signature or Fedex tracking number. Because of the length of time society has experienced snail mail, there is an implied level of trust associated with the snail mail process. That VISA bill is really from the company that issued you with the credit card that you used to overspend on cooling fans for your overclocked CPU... you get the idea.

The USPS and Federal mail fraud regulations along with the length of time society has used snail mail have played a part in creating that implied level of trust. But the majority of that trust comes from the relationship between the sender and recipient. Handwriting or letter style of grammar play a part in building that relationship which is why you trust that the message you have received is really authentic. The relationship's trust is also based on the type of message being conveyed:

  • I send you money, you send me goods.
  • It's your birthday so I'll send you a card and present.
  • I just had good news and I want to share it with you.
  • I am a sleazy direct marketer and you really hate me for filling up your mailbox.

That same implied trust does not exist today with PKI-enabled email. We don't have many of those associations in email to imply the same level of trust. PKI has limitations in that the trust placed in the transportation of the email has nothing to do with the content of the message. It also has nothing to do with the relationship between the sender and recipient. It is purely a clinical way of ensuring either privacy between sender and recipient, or the sender signing the message for non-repudiation. All it ensures is that:

  • The person sending the transaction is actually the originator
  • The person receiving the transaction is the intended recipient
  • Data integrity has not been compromised

None of this has anything to do with the content of the message or the relationship between the sender and recipient. PKI trust is effectively sterile.

Now add onto that the reliability of your regular email provider, your ability to store your keys securely yet have them easily at hand to actually use, add the average IQ of those you trade email with on AOL, and you suddenly realize that none of this is ready for prime-time.

Several suggestions have been presented to create the infrastructure for PKI. A recent recommendation is to have the DMV issue Smart Card driver's licenses, and an initial certificate which you would use for an electronic signature. This is probably the quickest way to get certs to the unwashed masses, but opens a whole can of worms related to government intervention. Let's look forward to that time (hinted at in the Book of Revelations) when you can only buy and sell electronically using such a cert as your "unique signature ID". If the DMV can revoke your driving privileges and cert for any reason, then you have no reason to imply any trust in such a system unless you truly believe it can never happen to you. Of course, if you're prone to paranoia....

Back here on planet earth, most certificates are issued for two years and then automatically expire. After it expires, anything you have signed will no longer be able to be validated by the CA. Legally this is still unknown territory. Can you still trust email that was signed, but the certificate of authority has expired? Or is your trust now based upon the implied trust (context and the relationship) that was established when the cert was valid?

The conclusion that seems to be gathering consensus is the Smart Card route. Whether you would trust VISA/Mastercard more than the DMV to issue you your card, and whether you can add your own certs to your Smart Card remain to be hashed out. Either way the trust relationship we know from snail mail will be different in PKI.

We can trust who sent and received the message. We can trust the integrity of the message. But we are still no closer to being able to trust the contents of the message any more than snail mail.
