Can the Post Office Save the Internet? (And vice versa?)

Enhanced identity credentials. We routinely offer a widely accepted credential (usually a drivers license) to facilitate in-person transactions, but there is no similar credential in the virtual world. Several years ago it was widely thought that public Key systems would provide a basis for universal and robust identification for a host of on line interactions.

However, the promise of PKI has not been realized. This is part a function of the herky-jerky nature of technical innovation, and partly because public key crypto was burdened with unreasonable expectations. The phrase, “non-repudiation” quickly became associated with PKI, suggesting that it could hold every certificate owner legally responsible for every keystroke, and that “wet” signatures heretofore necessary and sufficient for the signing of contracts would become a thing of the past. Much was written by lawyers about the the legal verifiability of digital signatures and many changes were made to the PKI standard by technologists to accommodate evolving needs.

(see http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf as one example). An elaborate structure constructed under the rubric of X.509 was proposed to create so-called “distinguished names”. One of the problems wrestled with during this period was that of “Certificate Revocation Lists” or CRLs. Briefly, it goes like this: If Alice relies on Bob's certificate for some purpose, then Alice needs to be sure that Bob's certificate hasn't been revoked since it was issued. (Perhaps because Bob's private key was compromised). So technical committees concocted an elaborate protocol whereby Alice could get up to minute status on Bob's certificate, and lawyerly graybeards stroked their chins about the legal validity of CRLs. But ultimately, it proved as impractical as having store clerks consult a long list of stolen card numbers before completing every card transaction.

Suffice it to say, the vision of PKI as the silver bullet of on-line identification never took off.

But if we were to scale back our expectations and requirements, PKI could serve some current needs admirably. Suppose you could go to your local post office, show a drivers license, pay a modest fee, and be issued a certificate that asserted only that on a certain date, the holder of this certificate identified himself to a post office in the state of Virginia. In other words, the certificate would assert only that the bearer is a real person with a real identity, not a spammer. Businesses, large and small, represented by a real person, could do the same. Then, you could instruct your computer (or your ISP) to block all mail that wasn't accompanied by a “this is a real person” certificate. If a real person, who happens to be a spammer, obtains such a certificate, then it would be a simple matter to block the mail uniquely identified by that certificate. While the certificate would be cheap, it wouldn't be so cheap as to make “certified spam” a paying proposition. And if a certificate were associated with threats, harassment, or other malfeasance, a judicial warrant could be invoked to reveal the identity of its owner.

This would also permit widespread use of encrypted email. If your in box is anything like mine, most of the mail is from repeat correspondents. With certificates all around, the first exchange of email would create a symmetric session key that could be relied on for a few weeks or longer.

A couple of possible objections:

Wouldn't this destroy anonymity on the net, thereby undermining its usefulness as a medium of free expression and a useful tool for whistle blowers?

No. First off, a warrant would be required to identify the certificate holder. But even if one assumes that the judicial system is compromised, and that jack-booted thugs (or the NSA) will subvert the system somehow, it is perfectly reasonable to suppose that anonymous proxies will accept mail, or other connection types without demanding a certificate. If the Washington Post, various hotlines, and private detective agencies choose to accepted non-certified mail, they will not make a tempting target for spammers or hackers, since they provide no conduit to the credulous souls that actually respond to spam or connectivity to systems worth subverting.

During the late 1980's there was considerable discussion about the privacy impacts of caller ID for the phone system. (http://catless.ncl.ac.uk/Risks/8.42.html#subj1.1). On balance, it would seem that most people prefer the advantage of knowing who is calling before they answer the phone.

Wouldn't the expense and and hassle of maintaining the certificates outweigh the benefits?

Given the low level of trust associated with the certificate, it seems unlikely. Potentially, the certificates might never expire. Certificates would only need to be verified occasionally, for example, when one received an email from a new correspondent. Mail to and from your bank, your doctor, your friends and the garage would all be encrypted with the symmetric key that was established at the first email exchange. Post offices are ubiquitous and have been in the business of facilitating the reliable delivery of messages for generations. It would be easy for certificate owners to solve problems and update keys when there is a walk-in help desk in every zip code.

OK, so Carl Clueless has his bright, shiny new certificate. But because he's as stupid as someone who composes text messages on the Santa Monica Freeway during rush hour, his private key is gathered up by a bot herder and used to impersonate him. Now what?

The bot herder can't impersonate him, since he doesn't know who Carl is. All he knows is that he has the credential of someone who went to the post office and presented an ID. If the spammers want to know who Carl is, they are going to have to identify themselves to the PO. If the spammer uses it to send spam, it won't be long before the certificate winds up on users' and ISPs' blacklists, Note, this isn't a CRL, at least not in the traditional sense, because it is distributed, and no entity is responsible for maintaining it. But when Mr. Clueless discovers that his mail is being rejected all over the place, he will trudge to the PO, get a new certificate for say, $10-20 dollars and probably ask himself, “How can I keep this one safe?”

There are questions: How do we help Carl Clueless guard his key? By placing on a read only USB stick? Maybe. This seem to be the only way to make it portable. And there may issues I haven't though of (incredibly). I'd be interested to hear the ideas of others.