of PKI
Fact Sheet
Contents
Introduction
Trust requirements
Policy-based PKI
5.1
5.2
5.3
5.4
6.1 Legal certainty
6.2 Reasonable reliance
6.3 Enforceability
6.4 Liability
Conclusion
Introduction
Nine out of ten PKI implementations are primarily technology projects. This often
leads to legal aspects being ignored or at best based on superficial assumptions.
However, the full trust-enhancing potential of PKI can only be realized through a
proper interplay between technological and legal components.
This white paper aims to explain the benefits to your e-business strategy of
integrating legal components through policy-based PKI.
Contrary to popular belief, trust and security are not always the same thing.
Security is about controlling resources, which in an e-business context often
means access control, authorization, encryption etc. But security alone is often
not sufficient to obtain the trust that most businesses seek to establish with their
customers and partners.
Trust, at one level, is a highly complex and inherently individual emotion. As
such, it is difficult to define trust in rational terms. Nonetheless, trust can be
significantly enhanced through concrete measures. The objective of business
trust instruments and techniques is to achieve a proper understanding and
equitable allocation of all risk among all actors in a system. One can thus
strengthen an e-business environment by creating a common sentiment among
customers and partners that no one will suffer a disproportionate degree of
damage in the event anything goes wrong. Such a higher level of comfort allows
each participant to manage its risks more easily, thus lowering the participation
threshold. To create this sentiment (and thus enhance trust) in relation to e-business
infrastructure, one has to pay attention, in addition to security, to risks
relating to legal redress, individuals' control over their data, transaction evidence,
etc. At the core of most trust questions is the issue of identity: who's who. In
addition, trust will often require an assertion of relevant attributes (such as one's
credit history, membership of professional bodies, accreditation and certification,
etc.), ensuring who's what.
While security considerations are confined to the use of computers and networks,
trust measures build a bridge between such technical infrastructure and key
business imperatives.
In an electronic environment, the risks are different from those in traditional
paper-based environments: the Internet allows low-cost, instantaneous communications
and even the direct provision of certain types of services. In addition, geographic
Copyright 2001-2004 TrustWeaver AB. All rights reserved.
Trust requirements
Availability: ensuring that data are accessible when they have to be;
5
Policy-based PKI
5.1
Frameworks and standards
the identification process used to bind the public key to the user's identity
can be based on different levels of proof (e.g. a passport, e-mail address,
credit records)
Relevant requirements are prescribed in the CP. The CPS describes how a CA
implements these requirements. A big question in PKI is how the key CP and
CPS rules can be enforced against relying parties. A standardized way of
informing relying parties (called the PKI Disclosure Statement) has been
proposed; however, varying approaches to relying party notification and
contracting exist.
The widely adopted document providing guidance on CPs and CPSs is the
Internet Engineering Task Force's (IETF) Internet X.509 Public Key
Infrastructure Certificate Policy and Certification Practices Framework, which can
be consulted at http://www.ietf.org/rfc/rfc2527.txt. This Framework will be
referred to in this document as RFC 2527.
RFC 2527 was replaced in November 2003 by RFC 4637; however, the
latter document modernizes rather than modifies RFC 2527.
5.2
The CPS addresses the way in which a CA meets the applicable CP, i.e. how the
CA lives up to the requirements.
Important issues in the CPS include detailed descriptions of:
5.4
As we will see further below (6.2.2), the CA needs to take care to notify the
relying party of the conditions for use of a certificate and the limitations of liability.
However, the design of most CPs and CPSs does not take account of the fact
that most legal systems will not grant legal effect to agreements or notices that
are too complex, obscure or voluminous for the circumstances. It is not
reasonable to expect, for instance, an individual to wade through a 200-page legal
document before deciding to rely on a certificate. Realizing this, the Internet
Engineering Task Force (IETF) has worked on a standardized short-form
notification document called the PKI Disclosure Statement (PDS).
It should be noted that the subject of enforcing rules against relying parties
remains an area of divergence; the above-mentioned IETF work has contributed
to greater harmony, but there is no widely adopted standard yet. A complicating
factor is that certain PKI implementations lend themselves to a contractual
approach, i.e. binding relying parties by contract rather than by mere notice.
Contractual approaches work well in closed environments, but their value is very
limited when parties are not part of a common infrastructure.
6.1
Legal certainty
Legal certainty in PKI has two important aspects: enforceability and liability. The
aim of policy-based PKI is to maximize the chances that any reasonably acting party
who relies on a digital signature can either enforce a certificate against a signor
or, should this not be possible, recover damages from a party in the PKI
(Certification Authority or certificate holder) that does not live up to its contractual
obligations.
1. The first issue, ensuring legal enforceability (see section 6.3 below),
is one of the most critical objectives of policy-based PKI. If you base an
important business decision on a digitally signed document, you want to
be sure that the signer cannot successfully deny his signature.[1]
2. The other legal issue is that of liability (see section 6.4 below). Imagine
you want to enforce a digitally signed document and take the party named
in the certificate to court. Suppose a judge admits the digital signature
as evidence, but your counter-party successfully proves that he was
not the signer of the document you relied on. As a result you may lose
your case and probably money. Your damage may be due to a mistake
made in the certificate registration process, for instance if the certificate was issued to
a fraudster pretending to be your business partner. It may also be due to a
third party having obtained the signor's private key, perhaps because the
latter was negligent in protecting it. In such cases it is important to know
who bears the risk for loss incurred by the relying party.
[1] It is important to note here that a party encrypting to the end entity named in a certain certificate also relies on that
certificate. Although certificate challenges are less likely to occur in this scenario, they should not be excluded. The
legal issues described in this paper in principle apply equally to such cases.
6.2
Reasonable reliance
It is important to understand at this point that one cannot blindly rely on a digital
certificate. Before having the option to enforce a certificate or invoke a CA's or
signor's liability, a relying party has to take certain steps to assure itself of the
certificate's validity and appropriateness. These measures are often referred to
as relying party obligations, and having taken these steps means that you are
reasonably relying on a certificate (see 6.2.1 below). As we will see in 6.2.2,
though, the relying party will generally not be held to comply with rules it could
not reasonably be aware of because the CA did not inform it correctly.
6.2.1
Before relying on a certificate, the relying party must take certain steps to verify
its trustworthiness:
1. Check the certificate's validity, which means that the relying party has to
   check that the certificate:
   a. has been signed by the CA and that the chain of trust to any
      higher-level CAs is intact;
   b. has not expired;
   c. has not been revoked.
   The above checks are typically performed automatically by the relying
   party's software (for example, most well-known e-mail clients and
   browsers will warn a recipient in case a certificate has validity
   problems).
2. Respect any usage restrictions and take note of liability limitations that
   are adequately notified to the relying party. In some cases, this more
   normative reliance decision can be semi-automated: the software is then
   programmed to accept only certificates governed by rules previously
   judged appropriate by a human being.
If the relying party has not taken these steps, it cannot be said to reasonably
rely and may as a consequence not be able to enforce a certificate or invoke the
CA's or certificate holder's liability. As an example, if the relying party has relied
on a signature based on a revoked certificate without having checked its
revocation status, the relying party cannot assume that the party named in the
certificate was indeed the signor, nor can it successfully claim that the CA and/or
the signor acted negligently in order to recover damages: had the relying party been
reasonable and checked the revocation status, it would never have relied on the
signature in the first place.
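The relying-party checks of 6.2.1, as an added Go example that is not part of this white paper or of any TrustWeaver product: fixtures constructs its own CA, leaf certificate and CRL (the names, serial numbers and the CP OID passed in are assumptions), and relyOn performs steps 1a, 1b, 1c and 2 with the standard library's crypto/x509, returning nil only when reliance would be reasonable.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)
// relyOn applies the 6.2.1 relying-party obligations to leaf at time now; accepted is the CP OID a human pre-approved.
func relyOn(leaf, ca *x509.Certificate, crl *x509.RevocationList, accepted asn1.ObjectIdentifier, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return err // 1a, 1b: bad CA signature, broken chain of trust, or outside the validity period
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return err // 1c: a CRL not signed by the CA proves nothing about revocation
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	for _, p := range leaf.PolicyIdentifiers { // 2: semi-automated normative reliance on a pre-approved CP
		if p.Equal(accepted) {
			return nil
		}
	}
	return errors.New("certificate policy not accepted")
}
// fixtures stands in for a CA: constructed Ed25519 root, leaf (serial 2) issued under policy, CRL listing revokedSerial.
func fixtures(policy asn1.ObjectIdentifier, revokedSerial int64) (leaf, ca *x509.Certificate, crl *x509.RevocationList) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errors ignored for brevity in this fixture only
	t0 := time.Now()
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test CA"}, NotBefore: t0, NotAfter: t0.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, caT, caT, pub, priv)
	ca, _ = x509.ParseCertificate(der)
	polExt := pkix.Extension{Id: asn1.ObjectIdentifier{2, 5, 29, 32}} // certificatePolicies: SEQUENCE OF PolicyInformation
	polExt.Value, _ = asn1.Marshal([]struct{ Policy asn1.ObjectIdentifier }{{policy}})
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice"}, NotBefore: t0, NotAfter: t0.Add(time.Hour), ExtraExtensions: []pkix.Extension{polExt}}
	der, _ = x509.CreateCertificate(rand.Reader, leafT, ca, pub, priv) // key shared with the CA only to keep the fixture short
	leaf, _ = x509.ParseCertificate(der)
	crlT := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: t0, NextUpdate: t0.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: t0}}}
	der, _ = x509.CreateRevocationList(rand.Reader, crlT, ca, priv)
	crl, _ = x509.ParseRevocationList(der)
	return leaf, ca, crl
}
```

relyOn does not check that the CRL is still current (NextUpdate) or fetch it from a distribution point; a real relying party needs both before the revocation check means anything.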
6.2.2
The CA needs to take care to notify the relying party of the conditions for use of a
certificate and the limitations of liability. Meaningful notification of terms and
conditions is a key requirement in contract law. It is an even stronger requirement
in non-contractual situations such as those between a CA and a relying party in
complex e-business scenarios. The adequacy of a CA's notice of essential terms
in its CP and CPS to a large extent determines the effectiveness of a policy-based PKI.
When assessing the appropriateness of a notification, it is not only the
conspicuousness of the reference that is taken into account but also the
6.3
Enforceability
Admissibility as evidence
Legal effect
Once a signature has been admitted as evidence, the judge has to decide
whether the signature has legal effect.
Most laws today include a non-discrimination rule, which typically states that an
electronic signature should not be denied legal effect only because it is in
electronic form. However, the non-discrimination principle does not necessarily
mean that the judge will find the signature sufficiently trustworthy to enforce. The
judge further has to assess the probability that the signature was the result of an
error or fraud. If the judge deems it sufficiently probable that the certificate was
indeed validly issued to the named end entity, then the relying party may enforce
the signature.
In some cases the law explicitly requires that something be signed with a
handwritten signature. In such cases an electronic signature may in some
jurisdictions be able to replace a handwritten signature, whereas in others this is
not possible. Certain laws have introduced specific kinds of electronic signatures
for meeting such signature requirements, such as the qualified electronic
signature in the E-Signature Directive. In areas such as real estate law and family
6.4
Liability
If the certificate is denied enforceability, the relying party may sue the CA for
issuing a fraudulent or flawed certificate. The CA is in principle liable for mistakes
in certificate issuance, although there are ways in which the CA can limit its
liability. There may also be instances where the principal or only reason for a
certificate's untrustworthiness lies with the certificate holder; this may happen,
for example, if the certificate holder has acted negligently in protecting its private
key. In this case the CA may not be the (only) liable party.
6.4.1
CA liability
In certain jurisdictions there are mandatory laws that restrict the CA's possibilities to limit its
liability, e.g. the EU E-Signature Directive.
The CA and the certificate holder have a contractual relationship where both
parties can be liable for breach of contract if they don't comply with their
respective obligations.
Between the certificate holder and the party relying on a certificate there may or
may not be a contract dealing with rights and obligations around the use of
certificates. However, in cases where there is no such contract, there are good
reasons to protect the relying party in case the certificate holder has been
negligent, an approach that certain laws have adopted.
Conclusion
The full trust-enhancing potential of PKI can only be realized through a proper
interplay between technological and legal components. Integrating a
proportionate legal component within your PKI helps you to manage the risks
related to opening up your e-business environment to people and entities that are
not within your direct control. The most effective way to achieve this is by
adopting a policy-based PKI, which introduces a rules infrastructure that gives
communicating parties increased legal certainty.
www.trustweaver.com
Contact us on www.trustweaver.com if you have any questions or wish to
discuss the content of this White Paper.