March 10, 2014

How Bitcoin just made a bid to join the mainstream -- the choice of SSL PKI may be strategic rather than tactical

How fast does an alternative payment system take to join the mainstream? With Paypal it was less than a year; when they discovered that the palm pilot users were preferring the website, the strategy switched pretty quickly. With goldmoney it was pretty much instant, with e-gold, they never achieved it.

With Bitcoin's new announcement, we can mark their intent as around four years or so. Belated welcome is perhaps due, if one thinks the mainstream is actually the place to be. Many do, although I have my reservations on this point and it is somewhat of a surprise to read of Bitcoin's choice of merchant authentication mechanism:

Everyone seems to agree - the public key infrastructure, that network of certificate authorities that stands between you and encrypting your website, sucks.

Itís too expensive. CAís donít do enough for the fees they charge. Itís too big. There isnít enough competition. Itís compromised by governments. The technology is old and crusty. We should all use PGP instead. The litany of complaints about the PKI is endless.

In recent weeks, the Bitcoin payment protocol (BIP 70) has started to roll out. One of the features present in version 1 is signing of payment requests, and the mechanism chosen was the SSL PKI.

Mike Hearn then goes on to describe why they have chosen the SSL PKI. The description reads like a mix between an advertisement, an attack on the alleged alternates (such as they are) and an apology. Suffice to say, he gets most of the argumentation as approximately right & wrong as 99% of the experts in the field do.

Several things stand out. I read from the article that there was little attempt to explore what might be called the "own alternative." From this I wonder if what is happening is that a conservative inner group are actually trying to push Bitcoin faster into the mainstream?

Choosing to push merchants to SSL PKI authentication would certainly be one way to do it. However, this is a dangerous strategy, and what I didn't see addressed was the vector of control issue. This was a surprise, so I'll bring it out.

A danger with stated approach is that it opens up a clear attack on every merchant. Right now, merchants deal under the radar, or can do so, and caveat emptor widely rules in Bitcoinlandia. Once merchants are certified to trade by the CAs however, there is a vector of identification, and permission. There is evidence. Requirements for incorporation. There are trade records and trade purposes.

And, there is a CA which has ... what?

Terms & conditions. Unfortunately, T&C in the CA industry are little known, widely ignored, and not at all understood. Don't believe me? Ask anyone in the industry for a serious discussion about the legal contracts behind PKI and you will hear more stoney silence than if you'd just proven to the UN that global warming was another malthusian plot to prepare the world for the invasion of Martians. Still don't believe me? Check what CABForum's documents say about them. Stoney silence, in words.

But they are real, they exist, and they are forceful. They are very intended, as even when CAs don't understand them themselves, they mostly end up copying them.

One thing you will find in them is that most CAs will decline to do business with any person or party that does something illegal. Skipping the whys and wherefores, this means that any agency can complain to any CA about a merchant on any basis ("hasn't got a license in my state to do some random thing") and the CA is now in a tricky position. Tricky enough to decide where its profits come from.

Now, we hope that most merchants are honest and legal, and as mentioned above, maybe the strategy is to move in that direction in a more forceful way. The problem is that in the war against Bitcoin, as yet undeclared and still being conducted under diplomatic cover, any claim of illegality will take on a sort of state-credibility, and as we know when the authorities say that a merchant is acting against the law, the party is typically seen to be guilty until proven innocent &/or bankrupt. Factor in that it is pretty easy for an agency to take a line that Bitcoin is illegal per se. Factor in that all commercial CAs are now controlled via CABForum and are all aligned into one homogoneous equivalency (forget talk of competition, pah-lease...). Factor in that one sore thumb isn't worth defending, and sets a precedent. We should now see that all CAs will slowly but surely feel the need to mitigate against the threat to their business that is Bitcoin.

It won't be that way to begin with. One thing that Bitcoiners will be advised to do is to get a CA in a safe and remote country, one with spine. That will last for a while. But the forces will build up. The risk is that one day, the meme will spread, "we're not welcoming that business any more."

In military strategy, they say that the battle is won by the general that imposes his plan over the opponent, and I fear that choosing the SSL PKI may just be the opponent's move of choice, not Bitcoin's move of choice, no matter how attractive it may appear.

But what's the alternative, Mike Hearn asks? His fundamental claim seems to stand: there isn't a clear alternative.

This is true. If you ignore Bitcoin's purpose in life, if you ignore your own capabilities and you ignore your community, then ... I agree! If you ignore CAcert, too, I agree. There is no alternate.

But what would happen if you didn't ignore these things? Bitcoin's community is ideally placed to duplicate the system. We know this because it's been done in the past, and the text book is written. Indeed, long term readers will know that I am to some extent just copying the textbook in my current business, and I can tell you it certainly isn't as hard as getting Bitcoin up and rolling.

Capabilities? Well, actually when it comes to cryptographic protocols and reliable transactions and so forth, Bitcoin would certainly be in the game. I'm not sure why they would be so shy of this, as they are almost certainly better placed in this game than all the other CAs except perhaps the very biggest, and even that's debatable because it's been a long time since the biggest actually had the staff and know-how to do any game-changing. Bitcoin has got the backing of google who almost certainly have more knowledge about this stuff than all the CAs combined, and most of the vendors as well (OK, so Microsoft might give them a run for their money if they could get out of the stables).

They've got the mission, the community, the capabilities and the textbook. Why then not? This is why I think that Bitcoin people have made a strategic decision to join the mainstream. If that's the case, then good luck, but boy-oh-boy! are they playing high-stakes poker here.

Old Chinese curse: be careful what you wish for.

Posted by iang at March 10, 2014 06:55 AM | TrackBack

When, all of a sudden, you see a technical person start talking like a politician, then, unsurprisingly, political forces are at work.

SSL was not imposed to the world for it's security: it does not bring any.

SSL was imposed for the ability of the top to track (and alter in real time) the traffic of SSL:

- VPNs
- Firewall administration consoles
- Web sites, etc.

...for one single reason: being in a position to "follow the money" (and block it when 'unwanted').

There's nothing new here. Bitcoin just acts as a reminder.

Posted by: Lucid at March 10, 2014 12:24 PM

For the non-long-term readers just educating themselves, what's the textbook alternative to PKI you have been copying?

Posted by: Aner at April 5, 2014 04:03 PM

In short, the 'textbook alternate' is the CAcert Assurance Programme, or CAP. It is a web of trust based on assurance by about 6000 assurers around the planet.

It works, it's auditable, it's reliable. The only thing wrong with it is that too few understand how good it is.

Posted by: Iang at April 6, 2014 09:09 AM

If MaidSafe rolls out successfully wont this make the above argument redundant? All websites will be secure and immune from state interference.

Posted by: Stewart Mcleod at April 18, 2014 12:55 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.