[Dave Birch] The Land Registry, the government agency that records who owns Britain’s land and buildings, has spent the past decade developing an e-conveyancing system to make buying and selling houses easier and more certain. It’s going to be using PKI to secure the system. Authorised parties will be able to exchange information quickly, securely and reliably with each other and the Land Registry. Documents will be encrypted and “signed” with a digital certificate, and people will require a secure token, username and password to produce and read the documents. Final testing is underway and when it goes live, expected in early summer, it will be able to process up to 300,000 documents a day and support up to half a million security “certificates” from property professionals such as conveyance attorneys.


It sounds like a great system. Let’s hope that it’s designed and implemented to a high standard, because systems like this one have no margin for error. Even when bad implementation leads to errors that aren’t serious, as with the UK Passport Office, it can have a very bad impact on confidence. Look at the impact of yesterday’s HMRC failure: no data was lost or compromised, yet public faith in government ID has been seriously undermined.

Of course, when bad implementation or an incomplete understanding of PKI leads to errors that are serious, the results can be disastrous. India has a PKI-based digital signature system managed through digital certificates issued by licensed CAs. The CAs are authenticated by the Controller of Certifying Authorities (CCA), which is the root certifying authority in India. Every digital certificate owner therefore needs to download the digital certificate of the certifying authority as well as the digital certificate of the Controller when he has to install or verify the end-user certificate in his system. In October 2007, this CCA site (which is supposed to be available 24/7) went down. This meant that no-one could authenticate certificate chains. I’ve no idea how much this actually cost businesses, but in a future society where all sorts of transactions are conducted digitally and demand authentication, this kind of centralised solution is an obvious weakness. Surely an intelligent terrorist would want to cripple this kind of root rather than waste time blowing up the odd building here and there.

Still, I’m sure it’s now well understood that building a large identity management system with a single central point-of-failure is, essentially, designing-in failure.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.

1 comment

  1. At least they got the distributed validation right as part of the infrastructure, now let’s see if they can deploy it properly (e.g. maybe more than a single validation responder). This really is an interesting application and has a chance to show e-commerce and PKI in the mainstream.
