[CAP] Then Again... (was Re: CAP Security UsingDigitalSignatures)
Hannes Tschofenig
Hannes.Tschofenig at gmx.net
Thu Mar 12 14:11:01 PDT 2009
Hi Art,
>On Mar 12, 2009, at 3/12/09 1:17 PM, Hannes Tschofenig wrote:
>> What does it mean if you have authenticated the message sender?
>> Would this tell the user a lot?
>
>It would indeed. For human recipients the credibility of the
>source is one of the chief factors in warning message
>effectiveness. And do we expect automated systems to sound
>sirens or interrupt broadcasts or ring cellphones without
>being able to determine that the message is intact and
>authentic and verifiably from a source that can be held
>accountable? Not likely.
Most systems (even the systems that are being standardized today) are based
on the assumption of hop-by-hop security.
No digital signature does not mean no security; it just means different
security mechanisms.
>
>> If you cannot verify the signature, do you dump the message?
>
>Depends on the circumstance, but in many cases (see above) the
>answer would be "yes"... if a message can't be attributed to a
>particular source, or if that source isn't considered
>authoritative according to
>the recipient's own policy, then that message may well be ignored.
>Depends on the costs of a "false positive"... for something
>like a server outage alert, they may be low and such
>safeguards excessive, but for a large-scale public warning
>application they're politically essential.
>
>As for a PKI... we've been experiencing a chicken-and-egg
>deadlock for a number of years now. Without implementations
>that use digital signatures, there's been no demand for a PKI.
> And many implementers have been waiting for someone to
>establish a PKI before they start developing such
>implementations. Fortunately, it's possible to develop and
>demonstrate such implementations on a limited scale without
>requiring a full-blown PKI, so that's the end of the string I
>suggest we tug on first.
>
>Personally I'd very much like to see a membership-based
>organization like COMCARE take the lead in deploying a PKI for
>public safety users. But we don't have to wait for the
>perfect before we experiment with the good.
Sure, it would be nice to have those things in place but getting there is
tough.
If you use the trust anchors already available in the browser, then you could
deploy something that may work, but obviously you wouldn't get the same
guarantees as in a case where you have those entities distributing warnings
also being accredited (for example, by COMCARE or ITU-T) in order to get a
certificate.
Ciao
Hannes
>- Art
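As an added example (not code from this thread, from CAP, or from any of its implementations), the recipient-side decision Art describes, in Go: attribute the message to a source via the recipient's own trust anchors, confirm it is intact and authentic, check that the source is authoritative for the area by the recipient's own policy, and otherwise ignore it, with a switch for deployments where a false positive is cheap. It assumes a simplified alert struct and a detached Ed25519 signature over canonical bytes in place of CAP's XML-Signature profile; the sender name, areas and policy shape are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Alert is a constructed stand-in for a CAP alert (not the CAP XML schema); Bytes is what gets signed.
type Alert struct{ Sender, Area, Body string }

func (a Alert) Bytes() []byte { return []byte(a.Sender + "\n" + a.Area + "\n" + a.Body) }

// Policy is the recipient's own acceptance policy (this shape is an assumption of the example).
type Policy struct {
	TrustedKeys      map[string]ed25519.PublicKey // sender -> trust anchor the recipient accepts
	Authoritative    map[string]map[string]bool   // sender -> areas it may warn for
	RequireSignature bool                         // true for public warnings; false where a false positive is cheap
}

// Decide returns "accept", "accept-unverified", or "ignore: <reason>".
func (p Policy) Decide(a Alert, sig []byte) string {
	key, known := p.TrustedKeys[a.Sender]
	switch {
	case !known && p.RequireSignature:
		return "ignore: sender cannot be attributed to a trusted source"
	case !known:
		return "accept-unverified" // e.g. a server-outage alert, where the safeguard may be excessive
	case !ed25519.Verify(key, a.Bytes(), sig):
		return "ignore: message not intact or not authentic"
	}
	if p.Authoritative[a.Sender][a.Area] {
		return "accept"
	}
	return "ignore: source not authoritative for this area"
}

// Demo signs a constructed alert and exercises the policy; it returns the three decisions.
func Demo() (good, tampered, notAuth string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pol := Policy{RequireSignature: true,
		TrustedKeys:   map[string]ed25519.PublicKey{"ops@ema.example": pub},
		Authoritative: map[string]map[string]bool{"ops@ema.example": {"County-A": true}}}
	alert := Alert{"ops@ema.example", "County-A", "Tornado warning"}
	sig := ed25519.Sign(priv, alert.Bytes())
	good = pol.Decide(alert, sig)
	forged := Alert{alert.Sender, alert.Area, "All clear"} // body altered after signing
	tampered = pol.Decide(forged, sig)
	other := Alert{"ops@ema.example", "County-B", "Flood warning"} // signed, but outside its area
	notAuth = pol.Decide(other, ed25519.Sign(priv, other.Bytes()))
	return
}

func main() { fmt.Println(Demo()) }
```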