Andrew Patterson wrote:

>Apologies if I am rehashing an old debate as I only joined this
>list recently but I have been doing some work recently with
>pki certs (hesa and non-hesa) and would be interested in
>fleshing out some of the points you have brought up..
>
>Firstly, I think there needs to be a separation of the technical
>and legal.. technically, it would be trivial for Argus to support
>multiple CA roots, and in fact every PKI library I've ever used
>supports multiple CA roots by default. Furthermore, the barrier
>to creating your own CA root is minimal - I could generate a
>CA and give you all certificates tomorrow and we could all
>send each other PKI emails that are perfectly secure.. so
>technically pretty much everything about PKI is easy
>(well, I'm being a bit glib, but it's all relatively easy)
>
>But of course all the interesting issues with PKI come about
>from a legal standpoint.. and that's because from what I can
>see, it's the _only_ issue in PKI. Essentially, your PKI
>certificate is a random number given to you by someone.
>What's interesting is what you think/know/trust about
>the entity giving it to you, and what they think/know/trust
>about you.
>
>If you want to attach no legal meaning to it then we
>can create a CA on ozdocit and issue certificates for
>everyone's email address. Technically, it will be as valid
>a PKI certificate as one generated by Hesa and will
>encrypt and sign email just as effectively.
>The importance of what Hesa and other CA bodies
>do is that they make a legal assertion about you
>(as holder of the PKI certificate). Now that assertion
>might be pretty weak (cacert.org makes the assertion
>that a couple of other people on the internet met you
>and you showed them some id) or it might be
>onerous (Hesa makes you prove that you are a doctor
>and are able to claim against medicare etc - then they
>throw in a whole bunch of other legal stuff). But
>the fact that they make some sort of assertion
>is what makes it all interesting.
>
>Now sure, Hesa might be a sucky model for how to
>be a CA in Australian health (I'm not saying they are - I
>don't really know too much about the EULA they make you
>sign) but I think the debate should be about what
>assertions you want your CA to make about you.
>
>If the goal is merely to secure email, and you aren't
>worried about proving identity then perhaps a much
>less rigid framework is appropriate. It really would be
>possible to set up an automated PKI generator
>that asserts nothing more than "a certificate was
>given to the person who was in control of that
>email address at this time". i.e. mail a particular
>email address, and it will send you back a
>certificate. And these really could be used to
>do everything it seems you want to do with secure
>email (i.e. just encrypt it). But it would assert
>nothing legal about the email address's owner
>(not even their name!)
>
>Perhaps the real answer is a multitude of certificates and CAs,
>ranging from personal email certificates merely to
>encrypt email, ranging up to 100 points of id, sign
>my life away certificates for medicare claiming,
>prescription writing etc.
>
>Personally, I would have thought the correct bestower of
>PKI certificates is whatever body accredits the
>health practitioner.. so the RACGP for GPs,
>relevant colleges for specialists and whatever
>accreditation bodies are appropriate for allied
>health professionals. That way they would be
>asserting both identity and qualifications.
>
>Apologies for the long-winded and at times rambling
>thoughts - I just thought I'd throw some of my
>musings up for discussion if others on the
>list are interested.
>
Your description of things is fairly accurate, Andrew. We are using cacert.org
certificates for the reasons you highlight. Cacert provides strong binding
between the certificate and the email address. We use an out-of-band
confirmatory mechanism to validate the communication. We call this agent "the
patient".

While most of us agree with Doug that GPG is preferable for the technically
competent, it is much harder to support many-to-many communication for the casual
user.

Cheers.

David

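The two technical claims in the thread above (any party can stand up a CA root, and a certificate binds only whatever the issuer chose to assert, here nothing more than an email address) can be shown end to end with Go's standard `crypto/x509` package. The code below is an added example written for this page, not code from the list, from cacert.org, Hesa or Argus; the root names, the function names `newRoot`, `issueEmailCert` and `trustedBy`, and the email address are all constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newRoot builds a self-signed root certificate for a toy CA.
// Anyone can do this; nothing in X.509 makes one root more "real" than another.
func newRoot(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueEmailCert has the root sign a leaf whose only identity claim is an
// rfc822Name in the subjectAltName: the "a certificate was given to whoever
// controlled this address" assertion from the thread. The Subject is left
// empty on purpose, so the CA says nothing about the holder's name.
func issueEmailCert(root *x509.Certificate, rootKey *ecdsa.PrivateKey, email string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{}, // deliberately empty: no name, no qualification
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trustedBy reports whether leaf chains to one of the supplied roots for
// S/MIME use. Which roots go into the pool is the relying party's policy
// decision; a certificate cannot vouch for its own root.
func trustedBy(leaf *x509.Certificate, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err == nil
}

func main() {
	// Constructed roots and address; none of these correspond to a real CA.
	listRoot, listKey, err := newRoot("toy list root (constructed)")
	if err != nil {
		panic(err)
	}
	otherRoot, _, err := newRoot("unrelated toy root (constructed)")
	if err != nil {
		panic(err)
	}
	leaf, err := issueEmailCert(listRoot, listKey, "[email protected]")
	if err != nil {
		panic(err)
	}
	fmt.Println("name asserted by the CA:", leaf.Subject.CommonName == "")
	fmt.Println("email bound by the CA:", leaf.EmailAddresses)
	fmt.Println("trusted with the issuing root in the store:", trustedBy(leaf, listRoot))
	fmt.Println("trusted with only an unrelated root in the store:", trustedBy(leaf, otherRoot))
	fmt.Println("trusted with both roots in the store:", trustedBy(leaf, otherRoot, listRoot))
}
```

The third result is the "multiple CA roots" point: the verifier accepts the leaf as soon as its issuing root is anywhere in the pool, alongside any number of unrelated roots, so supporting several CAs is a matter of what the relying party loads, not of the certificate format. The empty Subject is the other point: a relying party reading this certificate learns an email address and nothing else, which is exactly the level of assertion the thread describes for a "just encrypt it" certificate.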

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
