[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bank cosortium to form CA





--- begin forwarded text


Date: Fri, 23 Oct 1998 00:38:10 -0400 (EDT)
From: Rich Salz <[email protected]>
To: [email protected]
Subject: Re: bank cosortium to form CA
Sender: [email protected]

I seem to have gotten myself dropped from the list, but luckily a
friend forwarded (part of?) Steve's posting and Ben's (snarky :)
followup.  Let me try to give some details.  The WSJ had a one-day
exclusive, and their coverage was (from our perspective ;) not the
best.  You can find some other (free) coverage at www.wired.com,
http://www.americanbanker.com/cgi-bin/read_intrastory?981021TECH999,
and www.businesswire.com (sorry I don't have all the URL's convenient).

Here's some details.  I am not an official CertCo spokesman.
Official press contacts can get contact info and collatoral from
www.certco.com.  The following comes from our press release,
supporting Q&A, etc.

We're creating a new company (name being chosen; I'll call it GTO
for global trust organization -- the PR says enterprise, but GTE
is already in use :).  The GTO is aiming for online *business-to-business*
commerce.  The B2B point is key:  we're in the high-value commercial
transaction area.  Don't think buying some books from amazon.com,
think of Texas buying all their textbooks.

The GTO will be running a root CA and a "repository" where the CA
will publish its certs and CRL's.  The root will use CertCo's
RootAuthority.  Our Multi-Step signing can take a private key and
split it into a set of keyps called fragments.  We then destroy
the original key.  When enough fragments sign something (quorum
determined at the time the fragments are generated, and are usually
like "5 of 7"), those signatures can be combined (mathematically)
and the result looks like it was signed by the initial key.  So we
can take a key, spread its fragments around the world, and have a
very secure root.  That's step one.

Step two is the root CA will certify CA's for member banks.  These
are big global banks each having billions in assets.  (The initial
eight banks are ABN Amro, Bank of America, Bankers Trust, Barclays
Bank, Chase Manhattan, Citibank, Deutsche Bank, and Hypo Vereinsbank.
Others have expressed interest in joining.)  These banks will issue
certs -- 1K keys initially, on smartcards -- to personnel at their
corporate customers.  The rules by which these banks issue these
cards, how the companies and employees treat the cards, notify
banks in case of turnover or compromise, etc., are all part of
joining.  We call these the "system rules."  It's way more than a
CPS (certification practice statement); it is a common contractual
arrangement that the banks and their customers will all be issuing
and handling and processing certs/cards in the same way.  That's
step two.

This step is perhaps the most important.  If someone at Tire Supplier
receives a signed email message from someone at Car Maker, and they
can see that CM's cert is within the GTO PKI, then they can trust
it as much as they trust their own certs.

Step three is online verification.  TS can present the CM's cert
to their bank and get verification that the cert is valid.  TS's
bank can trust CM's bank because of the common adherance to the
rules.  One of the rules for joining is that you treat peer banks
with as much trust as you trust yourself, provided they can be
shown to be following the rules.  Or perhaps shown to not be breaking
the rules. :)

The GTO believes businesses will trust these decisions to their
banks; that they'll pay the banks to manage the risk of trusting
the identities to which the certs attest.  (Hence, the for-profit
intent :)

Step four.  Now, suppose CarMaker sends a "request to buy US$1M
worth of tires" to TireSupplier.  TS can send CM's cert, a hash of
the message, and a request for "assurance" to his (TS's) bank.  TS
can decide that their exposure, should CM prove to not be who the
certificate claim, is US$100K.  So TS asks his bank for $100K assurance,
for a period of 30 days.  If it turns out that, say someone stole
CM's cert, or CM left the company and is now working somewhere else
buy using old credentials, or CM's bank didn't issue the CRL in a
timely manner, etc., TS's bank will pay TS the US$100K.  The system
rules include procedures for due diligence, arbitration, and (last
resort) legal recourse should TS need to "file a claim" on their
assurance.

Or, to put it in terms of the PR materials, business partners can
get warranties on the identity of their trading partners online,
over the Internet, as a new service from their bank.

Step five is to extend the hierarchy down so that the big banks
can "charter" or "sponsor" smaller banks.  The L1 might be a service
bureau for the L2's, an L2 might have its own CA, etc...

It is the GTO's plan to publish our certificate profiles (derived
from PKIX), directory schemas, system rules, network protocols,
smartcard requirements, etc.  It will be an open system

I can't talk about schedules, other than to say it's very aggressive. :)

If you're in the Boston area, Dan Geer will be giving a talk on
this at the November meeting of the Digital Commerce Society of
Boston, For more info, send "info dcsb" in the body of a message
to <mailto:[email protected]> . If you want to subscribe to
the DCSB e-mail list, send "subscribe dcsb" in the body of a message
to <mailto:[email protected]> .

Hope this helps.  I'll be out of the office Friday, but will try to answer
any questions I can next week.
	/r$

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: [email protected]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'