Section 16.2. Problems with Public Key Infrastructures



PKI technology was originally designed to be deployed globally. The idea was to have a single certificate infrastructure in which all users and devices would participate. Despite all the advantages of such a system, this has proven impractical: the amount of coordination and trust required to establish a global infrastructure is enormous, and no one has been able to do it in the 25 years since a global PKI was originally proposed.

Apart from such political problems, usability (or, rather, a lack of usability) is the main reason for the failure of public key infrastructures. Usability issues hamper PKI deployment even at much smaller scales, such as within a single company or within a supply chain. Here is a list of usability problems that people are confronted with when trying to use a PKI:

  • Users don't have an intuitive understanding of public key cryptography. A study conducted by Whitten et al. shows that users have trouble understanding the difference between public and private keys, as well as the role that certificates play.[4] There is no intuitive model that explains the security properties of a PKI. (In contrast, in the physical world, we understand that, say, those who have the key to our house can open the front door.)

    [4] Alma Whitten and J. D. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0," Proceedings of the 8th USENIX Security Symposium (1999), 169-184. See also Chapter 34, this volume.

  • Users don't understand the connection between the PKI and the application goal they are trying to achieve. For example, the application goal might be to send a confidential email message. It is not clear to the average user what this has to do with certification authorities, key pairs, etc. Lamentably, the standard practice of reusing certificates across applications ensures that users will be exposed to gory PKI details: they must configure their applications to use certificates, understand when to request and how to install certificates, and so on.

  • Not only do users not understand why they need certificates in the first place, but tasks such as requesting and installing certificates are often too cumbersome[5], [6] (see the sidebar, "Case Study: Traditional PKI Deployment for an Enterprise Wireless Network").

    [5] P. Doyle and S. Hanna, "Analysis of June 2003 Survey on Obstacles to PKI Deployment and Usage" (2003); www.oasis-open.org/committees/pki/pkiobstaclesjune2003surveyreport.pdf.

    [6] P. Gutmann, "Plug-and-Play PKI: A PKI Your Mother Can Use," Proc. 12th USENIX Security Symposium (2003), 45-58.

  • As mentioned earlier, certificates often attest that a certain public key belongs to a certain name (these are usually referred to as identity certificates), because names are considered easier for users to work with. However, in large PKIs, this turns the problem of finding the correct certificate for someone into a naming problem (e.g., telling the "John Smith" in marketing from the one in accounting). It also means that for a CA to issue a certificate to the "right" person, it must be able to tell that the recipient is indeed the rightful owner of a particular name, not just of a particular key pair.

As a result, organizations simply don't even bother issuing certificates to end users, limiting the use of certificates to servers that have been painstakingly configured by trained administrators.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295
