[CAP] Then Again... (was Re: CAP Security Using DigitalSignatures)
Art Botterell
acb at incident.com
Thu Mar 12 13:52:29 PDT 2009
On Mar 12, 2009, at 3/12/09 1:17 PM, Hannes Tschofenig wrote:
> What does it mean if you have authenticated the message sender?
> Would this tell the user a lot?
It would indeed. For human recipients the credibility of the source
is one of the chief factors in warning message effectiveness. And do
we expect automated systems to sound sirens or interrupt broadcasts or
ring cellphones without being able to determine that the message is
intact and authentic and verifiably from a source that can be held
accountable? Not likely.
> If you cannot verify the signature do you dump the message?
Depends on the circumstance, but in many cases (see above) the answer
would be "yes"... if a message can't be attributed to a particular
source, or if that source isn't considered authoritative according to
the recipient's own policy, then that message may well be ignored.
Depends on the costs of a "false positive"... for something like a
server outage alert, they may be low and such safeguards excessive,
but for a large-scale public warning application they're politically
essential.
As for a PKI... we've been experiencing a chicken-and-egg deadlock for
a number of years now. Without implementations that use digital
signatures, there's been no demand for a PKI. And many implementers
have been waiting for someone to establish a PKI before they start
developing such implementations. Fortunately, it's possible to develop
and demonstrate such implementations on a limited scale without
requiring a full-blown PKI, so that's the end of the string I suggest
we tug on first.
Personally I'd very much like to see a membership-based organization
like COMCARE take the lead in deploying a PKI for public safety
users. But we don't have to wait for the perfect before we experiment
with the good.
- Art
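
An added example, not part of the original post or of any CAP implementation: a recipient-side check that acts on an alert only when it verifies against a locally pinned key and the recipient's own policy treats that source as authoritative, with no PKI involved. The type and function names, sender IDs, keys and sample alert are hypothetical and constructed, and a detached Ed25519 signature over the raw message bytes stands in for whatever signature format a deployment uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)
// TrustedSender is one entry in the recipient's own pinned-key list (no PKI).
type TrustedSender struct {
	Key           ed25519.PublicKey
	Authoritative bool // may this source trigger sirens or broadcast interrupts?
}
// Policy belongs to the recipient, not to the sender or a central authority.
type Policy struct {
	Senders       map[string]TrustedSender
	AllowUnsigned bool // only where a false positive is cheap (e.g. outage alerts)
}

// Accept reports whether the recipient should act on the alert.
// Assumption: sig is a detached Ed25519 signature over the exact bytes of msg.
func (p Policy) Accept(sender string, msg, sig []byte) bool {
	if len(sig) == 0 {
		return p.AllowUnsigned
	}
	ts, known := p.Senders[sender]
	if !known || !ed25519.Verify(ts.Key, msg, sig) {
		return false // not attributable to a known source, or altered in transit
	}
	return ts.Authoritative
}

// Scenario runs constructed alerts through a strict public-warning policy.
func Scenario() map[string]bool {
	// Constructed keys from fixed seeds so the run is deterministic.
	county := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	vendor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	p := Policy{Senders: map[string]TrustedSender{
		"county-eoc":  {county.Public().(ed25519.PublicKey), true},
		"test-vendor": {vendor.Public().(ed25519.PublicKey), false},
	}}
	msg := []byte("<alert><identifier>constructed-001</identifier></alert>")
	tampered := bytes.Replace(msg, []byte("001"), []byte("002"), 1)
	return map[string]bool{
		"authoritative":     p.Accept("county-eoc", msg, ed25519.Sign(county, msg)),
		"tampered":          p.Accept("county-eoc", tampered, ed25519.Sign(county, msg)),
		"unsigned":          p.Accept("county-eoc", msg, nil),
		"non-authoritative": p.Accept("test-vendor", msg, ed25519.Sign(vendor, msg)),
		"unknown-sender":    p.Accept("someone", msg, ed25519.Sign(vendor, msg)),
	}
}
func main() { fmt.Println(Scenario()) }
```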