Population-scale PKI
By Dave Birch, posted Feb 1 2008 at 12:38 PM

The Land Registry, the government agency that records who owns Britain's land and buildings, has spent the past decade developing an e-conveyancing system to make buying and selling houses easier and more certain. It is going to use PKI to secure the system. Authorised parties will be able to exchange information quickly, securely and reliably with each other and with the Land Registry. Documents will be encrypted and digitally "signed" with the key bound to a digital certificate, and people will need a secure token, a username and a password to produce and read the documents. Final testing is under way and when it goes live, expected in early summer, it will be able to process up to 300,000 documents a day and support up to half a million security "certificates" for property professionals such as conveyancing attorneys.
Of course, when a bad implementation or an incomplete understanding of PKI leads to errors in a system that important, the results can be disastrous. India has a PKI-based digital signature system in which licensed Certifying Authorities (CAs) issue end-user certificates; the CAs are in turn certified by the Controller of Certifying Authorities (CCA), the root certifying authority for India. To install or verify an end-user certificate, every certificate holder therefore has to obtain the certificate of the issuing CA as well as the certificate of the Controller, and the place to download them is the CCA's website. In October 2007 that site (which is supposed to be available 24/7) went down, and with it went everyone's ability to validate certificate chains: a chain cannot be verified if the issuer certificate or the trust anchor it ends in cannot be obtained. A verifier that kept the Controller's certificate in a local trust store and received the CA certificate bundled with each signed document would not have needed the site at all, but that is not how the scheme was deployed. I've no idea how much this actually cost businesses, but in a future society where all sorts of transactions are conducted digitally and demand authentication, this kind of centralised solution is an obvious weakness. Surely an intelligent terrorist would want to cripple this kind of root rather than waste time blowing up the odd building here and there.
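To make the failure mode concrete, here is an added example (not the CCA's, the Land Registry's or any real CA's code) that builds a constructed three-tier hierarchy of the shape described above, a Controller root, a licensed CA and an end-user signing certificate, using Go's standard crypto/x509 library, and then validates the end-user certificate three ways: with the root installed locally and the CA certificate bundled with the document, with the root installed but the CA certificate absent (it was to be fetched from the site that is down), and with neither installed. All keys, names and serial numbers are generated or made up in memory, so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// hierarchy is a constructed Controller -> licensed CA -> end user chain
// (hypothetical names; nothing here is a real certificate).
type hierarchy struct {
	root, ca, leaf *x509.Certificate
}

// issue signs tmpl with signer, whose own certificate is parent, and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func buildHierarchy() (*hierarchy, error) {
	keys := make([]*ecdsa.PrivateKey, 3)
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	rootKey, caKey, leafKey := keys[0], keys[1], keys[2]
	now := time.Now()
	caTemplate := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber:          big.NewInt(serial),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             now.Add(-time.Hour),
			NotAfter:              now.Add(24 * time.Hour),
			IsCA:                  true,
			BasicConstraintsValid: true,
			KeyUsage:              x509.KeyUsageCertSign,
		}
	}
	rootTmpl := caTemplate(1, "Example Controller (root)")
	root, err := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	if err != nil {
		return nil, err
	}
	ca, err := issue(caTemplate(2, "Example Licensed CA"), root, &caKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "Example conveyancer"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	leaf, err := issue(leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &hierarchy{root: root, ca: ca, leaf: leaf}, nil
}

// verifyLeaf validates the end-user certificate purely from what the verifier
// holds locally: trusted is the installed trust anchor(s), available is every
// intermediate it can lay hands on (bundled with the document or cached).
// No network fetch is attempted, so a CA whose certificate is neither
// installed nor bundled cannot be chained to the root.
func verifyLeaf(leaf *x509.Certificate, trusted, available []*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	for _, c := range available {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// outcome records whether the chain verified in each deployment scenario.
type outcome struct {
	BundledChain         bool // root installed locally, CA cert travels with the document
	IntermediateFromSite bool // root installed, CA cert was to be fetched from the (down) site
	RootFromSite         bool // even the root was to be downloaded on demand
}

func runScenarios() (outcome, error) {
	h, err := buildHierarchy()
	if err != nil {
		return outcome{}, err
	}
	only := func(c *x509.Certificate) []*x509.Certificate { return []*x509.Certificate{c} }
	return outcome{
		BundledChain:         verifyLeaf(h.leaf, only(h.root), only(h.ca)) == nil,
		IntermediateFromSite: verifyLeaf(h.leaf, only(h.root), nil) == nil,
		RootFromSite:         verifyLeaf(h.leaf, nil, only(h.ca)) == nil,
	}, nil
}

func main() {
	o, err := runScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("root local, CA cert bundled:        verified=%v\n", o.BundledChain)
	fmt.Printf("root local, CA cert only on site:   verified=%v\n", o.IntermediateFromSite)
	fmt.Printf("root and CA cert only on site:      verified=%v\n", o.RootFromSite)
}
```

Only the first scenario verifies. The design choice the example illustrates is that trust anchors belong in a local store distributed out of band, and intermediates should travel with the signed object, so that path building never depends on the availability of one website; the central site then matters only for revocation checking, which is a separate (and cacheable) concern.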
Still, I'm sure it's now well understood that building a large identity management system with a single central point of failure is, essentially, designing in failure.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
At least they got the distributed validation right as part of the infrastructure; now let's see if they can deploy it properly (e.g. maybe more than a single validation responder). This really is an interesting application and has a chance to show e-commerce and PKI in the mainstream.
Posted by: Salvatore D'Agostino | 05/02/2008 at 01:44 AM