DRAFT: this version dated 2004-01-12
Tommi Karttaavi <tommi.karttaavi@iki.fi>
ISOC Finland
Finland
Selvan V. Rajan <selvanvr@netscape.net>
Ultimia Wireless, Inc.
USA
This paper is a discussion of the required elements of the identification of ISOC members and PKI requirements to do the identification.
This paper is a product of the ISOC-PKI Working Group (http://www.isoc.fi/isoc-pki/). It discusses the possibility of using Public Key Infrastructure to identificate Internet Society (ISOC) members when they interact electronically with ISOC, ISOC Chapters or other bodies relating to ISOC. The paper also makes recommendations on forming the necessary organization and the usage of PKI.
This paper represents the consensus view of the members of the Working Group. It is to be read as a recommendation and does not necessarily reflect any views or policies ISOC might have on the issues discussed in it.
The Internet SOCiety (ISOC) is a professional membership society with more than 150 organization and 11,000 individual members in over 182 countries. It provides leadership in addressing issues that confront the future of the Internet, and is the organization home for the groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB).
The Society is governed by its Board of Trustees elected by various constituencies. The organization currently consists of 11 officers (Chair, President/CEO, Secretary, Treasurer and seven Vice Presidents) and an administrative staff of nine.
ISOC has a network of Chapters around the world. Chapters are financially self-supporting and have their own membership of individual members who are also by default members of ISOC.
Any individual may join the Internet Society as a Global Member, which is currently free at the ISOC web site. Global Members may join one or more Chapters according to their own interests and what is permitted by the Chapter. Chapters may have categories of memberships and may charge a fee to be a member.
ISOC By-Laws and Policies call for the Trustees on its Board of Trustees to be elected or selected by various constituencies, namely Organizational Members, Chapters, the ISOC standards organization (embodied by the Internet Architecture Board) and Individual Members. The Board of Trustees itself is empowered to appoint a limited number of Trustees over and above the constituency-based Trustees.
PKI, (Public Key Infrastructure), is a system that facilitates the distribution of public keys for Public Key Cryptography It is an infrastructure to provide a secured environment to transfer data from one point to another, with allowed and verifiable identity. As there are many security infrastructures available, PKI provides us with a cohesive set of procedures and services to conduct a secured transaction. The PKI provides a complete life cycle management system in handling key and certificate.
Public Key Cryptography or asymmetric cryptography, involves encrypting data using one key and decrypting the encrypted data using another key. Typically, people encrypt data using the recipients public key which only the recipient can decrypt as its the owner of the corresponding private key.
All transactions should be signed, then only ecommerce transactions will take place between or among many parties. It gives the utmost confidence in the transaction coming in from their partners. To sign one needs a key. The key can be either a secret key or a public key. The secret key cryptography happens if both the parties have the same secret to encrypt and decrypt the information. In the public key cryptography, the private key stays with the information requestor, and the public key will be distributed to other parties who want to send the information in a secured way. Once the information is received, the private key will be used to decrypt it.
The public key will be generated for any entity based on the information provided to Certificate Authorities [3.4] after verifying the information. Hence, the public key can act as a digital proxy for that person. It is kind of identification card being presented without being there personally.
When the public key is distributed, it should have been signed by a well-known authority to be trusted. Otherwise, one person can fake being an another person. For any reason, if someone wants to make sure that the public key that one has received is valid, he can interface with the issuing Certificate Authority to verify to whether it was issued by them, to whom it was issued, how long it was valid etc.
In Public Key Cryptography, digital certificates can be used to secure communication between 2 parties by encrypting/signing the data and/or by encrypting the communication channel. Identity Certificates are used to facilitate the latter. They are used by entities to prove their identities to the recipients of the data that is using a secure communication channel (such as HTTP over SSL).
Certificate Authorities are entities that certify owners of public keys. These entities issue digital certificates to requestors. Public key certificates are issued by the Certificate Authorities for a fee to the requestor after verification. The requestor can be a computer system or a person. The CAs are the foundation of the entire PKI. They issue, maintain, verify, revoke certificates, and in some cases decrypt messages.
The PKI as it is covered in 3.4, is a complete infrastructure itself. It helps to maintain the entire life cycle of the public key system. It is the basic source of trust to start with in any transaction. Firstly, people have to trust the CA issuer to trust the party they deal with. Secondly, the CA should provide all mechanisms involved in the PKI world to deal with public key. It has to address from issuance of certificate to verification of them to scalability issue, maintenance issue, support issue, etc. These altogether can claim that PKI is an infrastructure on its own.
PGP (Pretty Good Privacy), is an encryption system that allows people to communicate with each other securely. The PGP Web of trust is a model where encryption keys authenticity is confirmed by other persons as introducers.
Public Key Infrastructure has the potential to be useful to ISOC in helping to validate the identity of its members. The key applications where PKI would be needed are voting and controlling access to web sites. Most important of the procedures that include voting within ISOC is the election of the members to ISOC’s governing body, the Board of Trustees.
ISOC is a membership organization with individual and organizational members. There used to be a membership fee, but since the beginning of 2002 the individual membership has been free (organizations still pay for the membership). This was part of a major governance renewal that included changes in the Board of Trustees elections. Prior to the free membership all Trustees were elected with votes from individual members, but they no longer can vote because the mechanism for verification (invoicing) doesn’t exist any more. The Trustees are now elected by the organizational members (6 Trustees), standards bodies IAB/IETF (3 Trustees) and Chapters (3 Trustees, only Chapter Presidents are eligible to vote).
ISOC has two kinds of individual members: those who belong to a local chapter and those who do not. We can also take an alternate approach to having two kinds of members: people who are interested and people who are involved.
People who are interested in matters that are within ISOC’s scope, regard ISOC as an information channel among others. They want to receive information, but do not participate actively. People who are involved typically belong to a Chapter (but not necessarily) and often serve as Chapter Officials. They participate in discussions, make initiatives and participate in working groups and committees locally and globally. In order to give those people more influence it is important to know who they are. In order to give people for example the right to vote, there has to be reasonable certainty that they do not vote with multiple identities. At the same time, those who are merely interested can carry on being on the mailing lists without having to go through any identification verification processes.
The infrastructure includes the players, as described in chapter 3, and the processes by which they interact with each other. ISOC certificates are for internal use only, so the infrastructure is built on the existing organization. Users in this case are individual members, ISOC central organization is the Certification Authority, Chapters are Registration Offices and Chapter’s delegated persons are Registration Authorities. Every Chapter has initially one Registration Authority, a person who is known to the ISOC central organization, or who can adequately verify her/his identity. This person, who in most cases is likely to be the Chapter President, can delegate the authority to other members of the Chapter.
ISOC central organization can also delegate Registration Authority to trusted members of the Internet Society who are not members of any Chapter.
Accreditation criteria for a Registration Office will have to be added to the criteria for forming a Chapter. ISOC will also publish operating guidelines for the Registration Offices. The operating guidelines will include accreditation criteria for Registration Authorities, which includes minimum requirements for identity verification. The Chapters are required to maintain a list of people who are accredited as Registration Authorities. The list includes names, ISOC ID numbers, contact information and a description of how their identities have been verified. Registration Offices are subject to audits by ISOC at all times.
Directory services can be managed by ISOC or outsourced.
Certificates are revoked when the email address they are tied to expires or the certificate holders membership is terminated. Any abusive or criminal use of the certificate constitutes grounds for immediate revocation. Certificates can also be revoked and new ones issued if the integrity of the certificate is deemed compromised.
As the sign-up process needs to be as uncomplicated and straightforward as possible, the verification of identities should happen after one has become a member and only if one wants to enjoy privileges that apply to verified members only.
When a member wants her/his identity to be verified s/he requests a certificate from the Registration Office (an ISOC Chapter). If this person is a paying member of that Chapter, no further identity verification is needed. If s/he is a Global Member without Chapter affiliation, or the Chapter in question does not charge membership fees, s/he needs to verify her/his identity to a Registration Authority before the certificate is issued. This requires a meeting in person with the Registration Authority (a Chapter’s delegated person) and presenting at least one form of legal photo identity documentation (e.g. passport, driver’s license, national ID).
If a member requesting a certificate lives in an area where there are no Registration Authorities in the vicinity, s/he can verify her/his identity to ISOC by paying a verification fee.
The information bound to the certificate is:
If a member changes the email address s/he uses within ISOC, then s/he will have to notify the CA of the change with an email message signed with the ISOC certificate. After verifying that the new email address is a valid one, a new certificate will be sent to the member.
Internet Society (2001). Procedures for selecting Trustees. [Online] Available HTTP: http://www.isoc.org/isoc/general/trustees/select.shtml [2001].