Searching for Meaning – Performatives and Obligations in Public Key Infrastructures
Authors
Abstract
This paper begins by giving examples of the confusion between technical and legal terminology in public key infrastructures (PKIs). It argues that the conduct of business needs to happen within a technically and commercially secure environment where the business risks can be addressed by examining the conditions in which performatives are effective, and the infelicities which herald their failure. Semantic analysis of the permitted, the obligatory, and the forbidden acts described within certification practice statements reveals the deontic structure of performatives in PKI relationships. It proposes a semantic schema that distinguishes between semantic elements, substantive rules, and procedural rules that embodies obligations imposed on various parties. It is a first attempt at investigating methods of modelling communication acts between parties using PKI in open electronic commerce settings.
The copyright of this paper belongs to the paper’s authors. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage. Proceedings of the Fifth International Workshop on the Language-Action Perspective on Communication Modelling (LAP 2000), Aachen, Germany, September 14-16, 2000 (M. Schoop, C. Quix, eds.) http://www-i5.informatik.rwth-aachen.de/conf/lap2000/
J. C. Tseng and J. P. Backhouse, The Language-Action Perspective on Communication Modelling 2000, p. 96
1. Performatives and Public Key Infrastructures
Recent advances in public key cryptography provide an enabling platform for the secure exchange of electronic business documents. While much has been written about the potential for Public Key Infrastructures (PKIs) in securing electronic commerce, little consideration has been given to how business performatives might use PKIs. The presentation of digital certificates is said to ‘authenticate’ trading parties. 
Digitally signed messages are said to ensure message integrity and thus provide ‘non-repudiable’ evidence. Certificate-based applications are said to reduce ‘risk’ in transacting, providing the much-needed ‘security’ for electronic commerce. At the low technical level these ‘secure’ electronic commerce applications, based on PKI, offer various technical protocols which at the higher social level can signal intentions, create obligations and perform business acts. Viewing PKIs from this angle suggests the primary role for PKI applications might be to ‘do things’ rather than merely to exchange information. However, words such as ‘trust’, ‘authentication’, ‘non-repudiation’ and ‘risk’ have been overloaded with meaning in the general hyping of security and electronic commerce. This tendency is especially disturbing when legislative efforts seek to extend the cryptographic context of use of terms directly into legal terminology. Ellison and Schneier illustrate this danger when they claim the term ‘non-repudiation’ in academic cryptography refers to the unlikelihood of a forged digital signature because of the strength of the digital-signature algorithm [Ellison and Schneier, 2000]. The technical use of the term ‘non-repudiation’ however has been extended to the legal domain, assigning legal responsibility for digitally signed signatures to legal entities who are not allowed to repudiate. This apparently logical extension of meaning is dangerous because it assumes the social world operates in circumstances similar to the idealised world of the mathematical algorithm. A digital signature can be created by anyone with access to the signing key. The signing key could have been compromised by anything from computer viruses, Trojan horse programs, and insecure computing environments to unauthorised and unintended signing of the signature. 
Such legislative efforts therefore pre-empt perfectly valid reasons for disputing a digital signature rather than provide the certainty needed for secure electronic commerce. It has been rather difficult to disentangle the various meanings of terms adopted in PKI, especially when there are no simple analogies for performatives traditional in the paper-based world. Fortunately there are easier ways of analysing communication acts between parties using PKI. In publicly available Certification Practice Statements (CPSs) Certification Authorities (CAs) declare their contractual relationship with certificate holders and relying parties. These CPSs form the contractual framework in which the CAs’ obligations are advertised and discharged. The study of business performatives and deontic structures in PKI could be facilitated by examining the obligations and liabilities documented in CPSs. This paper describes our approach towards modelling business performatives and deontic structures in open PKIs. The approach is firmly based in the economic [Williamson, 1979], legal and socio-linguistic disciplines [Stamper, 1987]. Instead of focusing on the technology per se to resolve the issues of trust and risk, we focus on the patterns of commercial and organisational behaviour. Semantic and legal analyses specify the social and organisational affordances and ontology in this domain, and the norms that the various agents must share in order to interact with confidence. This analysis of performatives in trust services utilising PKI is distinct from analyses of business transactions in electronic commerce [Bons, 1997][Wiegand, 1998]. PKI provides the platform for authenticating the origin of data, securing message confidentiality and integrity for electronic commerce. 
PKI infrastructure by itself does not engage in transacting, even though it does go some way towards enabling the clarification of communication acts and business performatives. The widespread availability of large-scale PKI infrastructure could allow truly open electronic commerce if it enabled parties without pre-arranged relationships to interact and transact with confidence [Lee, 1999][Tan, 1999]. In section 2, we illustrate deontic structures in PKI. We describe in section 3 our research framework for semantic analysis of CPS. We conclude in section 4 with the discussion of the potential for this type of research. As the research described here is still in the early stages of development, our purpose is to illustrate the value of such an approach and to solicit comment from the academic community.
2. Deontic Structures in Public Key Infrastructures
As described in the technical standards [X.509, 1997][PKIX, 1999][RFC 2459, 1999], certificate users (denoted as RP for relying parties) using the PKI rely on certification authorities (CA) for the accurate binding between natural persons (EE for end entities) and the public keys certified in digital certificates (“certificate”). The contractual framework for using the trust services of a CA is shown in figure 1. The obligations and liabilities of a CA to all parties are described in the CA’s CPS. Some CAs explicitly declare their obligations and liabilities to an EE in a separate subscriber agreement, and to an RP in a separate relying party agreement (RPA). We use the term CPS to encompass all the CA’s contractual obligations and liabilities. Most PKIs in deployment today assume that EEs and RPs operate within the contractual framework of one root CA with certification depth of one (rather than one root CA with subsidiary CAs, or two distinct root CAs shown in Figure 1). Certificate users reverse roles from RP to EE as security protocols and the transaction processes require. 
For the sake of simplicity, we will illustrate the issues from the perspective of the merchant as an RP.
Footnote 1: The distinction between certification authorities (CAs), issuing authorities (IAs), and registration authorities (RAs) will not be considered in this paper owing to space limitations.
[Figure 1: PKI Relationships – the Four-Cornered Model. Diagram labels: Consumer (assumes EE role), Merchant (assumes RP role), goods and services, payment, CA1/CPS1, CA2/CPS2, Subscriber Agreement, Relying Party Agreement (RPA), Interoperability Agreement, institutional environment, institutional arrangements.]
A merchant in open electronic commerce needs to decide which CAs to ‘trust’ in order to authenticate EEs and their digital signatures. Evaluating which CAs to ‘trust’ entails studying individual CPSs to determine the appropriateness of the certification policy for particular business processes and applications. Failing that, ‘trust’ in a particular CA is based merely on the reputation of that CA. Note the word ‘trust’ here conveys reliance rather than confidence. The legal relationship between the CA and the RP is also problematic because of the lack of an explicit contractual relationship. Unlike the CA’s relationship with the EE, where a service is provided in exchange for a consideration (the issuance fee), RPs that rely on the CA to authenticate an EE’s certificate only enter into a contractual relationship (the service warranty) with the CA once the RP decides to accept a certificate issued by that CA. A CA provides warranties to the RP only when a series of checks and conditions specified in the CPS and RPA is fulfilled. Current storage and processing constraints limit the amount of information that can be included in the certificate. An RP only sees a highly condensed digital certificate in an abstract syntax notation [X.509, 1997] where the terms and conditions are incorporated by reference. 
Since CPS and RPAs are carefully crafted to limit CA liability, unsuspecting RPs would be naïve to place their confidence in the CA solely based on such premises. As PKI services are just emerging, whether such practices are enforceable in a court of law will need to be tested. Here there is the usual tradeoff of risk and reward. Merchants will be prudent to rely only on CAs with whom they stand a reasonable chance of engaging in disputes and claiming compensation. However they will also be limiting themselves in terms of EEs with whom they interact and transact business. While the business risk needs to be balanced with the potential for business gain, this example shows how the word ‘trust’ has been overloaded with meaning. ‘Trust’ was originally used in academic cryptography to assert that a certification ‘authority’ could be relied on to provide a secure mechanism of exchange of public keys. It has somehow been taken for granted that the assertion itself is sufficient for confidence. Similar analyses can be given for the terms ‘authentication’, ‘non-repudiation’, and ‘risk’. Many information security experts, legal experts, and civil liberty advocates recognise the problems of the multiple meanings and interpretations of PKI terms and conditions. However, most assume that such ambiguities can be resolved through legislation and policy or through clarifying the allocation of liabilities. We believe it is too early to recommend or design solutions without a clear understanding of the full extent of business and technical risks in PKI. The business risks can be addressed by examining the conditions in which performatives are effective, and the ‘infelicities’, which herald their failure. The profile of business risks can be thus examined by analysing the deontic logic in PKI relationships. 
Deontic obligations entered into by PKI parties specify the permitted, the obligatory, and the forbidden acts and state of affairs.
The analysis of deontic structures can be approached further using the following semiotic framework (see Table 1).

| Semiotic framework | In the analysis of Contracts | In the analysis of PKI Risks and Interdomain Trust |
| --- | --- | --- |
| Business world | Business environment in which commercial arrangements are enforced, informally through sanctions and formally through dispute resolution | Business and legal interpretation of contractual arrangements for certificate-based applications, e.g. business models based on Signed XML documents, OCSP Responder extensions |
| Pragmatics – intentions | Context, commercial norms and culture, and common practices which affect the expectations, assumptions, and intentions of the contracting parties | Certificate usage, e.g. interpreting CPSs, CPs, policy extensions, policy mapping, cross-certification, trust transfer dynamics. Defining roles and obligations, determining liability, and dispute resolution process |
| Semantics – meanings | Understandings, agreements and obligations derived from the utterances, gestures, etc. in a given context | Certificate and signature semantics, e.g. signature verification and certificate-based authorisation |
| Syntactics – formalisms | Contracting procedures such as offer and acceptance, or formal requirements such as writing and signatures | Certificate and signature syntactics, e.g. certificate processing and validation, authentication and signature protocols |
| Empirics – signals/codes | The physical signs used in the contracting process: verbal utterances, gestures, written letters, actions performed on web sites, etc. | Certificate profiles and digital signatures, cryptographic algorithms and standards |
| Physical world | Markets for products and services | Information systems security and compatibility |

Table 1: Semiotic framework for analyses of roles, obligations, and risks in PKI

This approach to information systems and their specification was first developed under the LEGOL project (Legally Oriented Language) [Stamper, 1979] which later led to the NORMA language (Norms and Affordances) [Stamper, 1986]. Unlike other specification formalisms, NORMA has an explicit semantic theory and places the responsible agent at the centre of the determination of meaning. It was developed by reiterations of testing semantic models against legal norms. It has been adopted for the study of information systems security [Backhouse, 1996], electronic contracting [Backhouse and Cheng, 2000] and now PKI.
3. Framework for Semantic Analysis of Certification Practice Statements
An overview of how we intend to study deontic structures in PKI is shown in figure 2.