home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 18.5 Risks of Web Browsers Chapter 18
WWW Security
Next: 18.7 Summary

18.6 Dependence on Third Parties

It is impossible to eliminate one's dependence on other individuals and organizations. Computers need electricity to run, which makes most computer users dependent on their power company for continued operations. You can purchase an electrical generator or a solar power system, but this simply shifts the dependence from the power company to the firm that supplies the fuel to the generator, or the firm that makes replacement parts for the solar power system.[7]

[7] There is also a dependence on the continued operation of Sol itself.

Most organizations attempt to limit their risk by arranging for multiple suppliers of their key resources. For example, you might purchase your electricity from a utility, but have a diesel generator for backup. If you are a newspaper, you might have several suppliers for paper. That way, if you have a dispute with one supplier, you can still publish your newspaper by buying from another.

Likewise, it is important to be sure that you have multiple suppliers for all of your key computer resources. It is unwise to be in a position where the continued operation of your business depends on your continued relationship with an outside supplier, because this gives the supplier control over your business.

Today, there are many choices for organizations that are deploying Web servers. Web servers can be run on a wide variety of platforms, including UNIX , Windows, and Macintosh. And there are many different Web servers available for the same hardware.

There are fewer choices available when organizations need to purchase secure Web servers - that is, Web servers that provide for cryptographic protection of data and authentication of their users. This restriction is a result of the fact that the use of public-key cryptography in the United States will be covered by patents until the year 1997 (in the case of the Diffie-Hellman and Hellman-Merkle patents) or the year 2000 (in the case of the RSA patent). Currently, the use of these patents is controlled by two companies, Cylink, based in Sunnyvale, Calif., and RSA Data Security, based in Redwood City, California. Because of the existence of these patents, and because of the widespread adoption of the RSA technology by the Web community, it is highly unlikely that a server that implements cryptographic security will be produced and sold in the United States that is not licensed, directly or indirectly, by RSA Data Security.

One of the primary purposes of encryption is to provide absolute assurances to consumers that when the consumer contacts a Web server, the Web server actually belongs to the company to which it claims to belong. You can't trust the Web server itself. So companies such as Netscape Communications have turned to a trusted third party, Verisign Inc. Netscape has embedded Verisign's public key in both its Secure Commerce Server and its Web browser. The browser will not switch into its secure, encrypted mode unless it is presented a digital ID from the server that is signed by Verisign's secret key.

And Netscape is not alone. At the time of this writing (December 1995), all secure Web servers and browsers used Verisign as their trusted certification authority. Although there are plans for other such authorities, none currently exist.

This presents businesses with a dilemma. The reason is that digital ID's signed by Verisign must be renewed every year to remain valid. But Verisign is under no legal obligation to renew the IDs. This means that, should a dispute arise between Verisign and a company using a secure Web browser, Verisign could simply choose not to renew the company's key, and the company would lose the cryptographic capabilities of its program. Note this is not a problem with Verisign, per se, but with the whole scheme of certification authorities with whom you have no direct contractual relationship.

There are several solutions to this problem. The obvious one is for there to be alternative certification authorities, and for browsers and servers to accept digital identification credentials from any certification authority, giving the user the choice of whether or not the authority should be trusted. We have been told that these changes will be made in a future version of Netscape's Navigator. But we include this discussion to illustrate the risk of depending on third parties. Even if these risks are minimized in the Netscape products, third-party dependencies are likely to continue in many different forms. Be on the lookout for them!