Certifiable
This is a copy of one of my O level certificates.
As you can see, the Department of Education and Science accepts that I have reached the desired standard for a Grade A at Ordinary level French and Mathematics. Note that the Department itself did not set the exam, but entrusted this to the Oxford and Cambridge Examination Board, supported by the Vice-Chancellors of Oxford and Cambridge. These worthies themselves likely did not see the exam papers in question, but probably authorised trusted figures at their universities to recruit suitable subject experts to produce a suitable set of questions. The setters themselves are unlikely to have seen my answers, but instead delegated their assessment to a wider body of exam markers, some of whom will have seen my work. If you want to use this certificate as evidence of my proficiency in French, you then implicitly believe that the above “chain of trust” works as intended at every level. It is possible for qualifications to be revoked, but it can be burdensome to find out the exact status.?
Now, suppose that you were considering me for a position which requires the written translation of some mathematical statistics into French. There are some reasons why you should perhaps look deeper than this certificate. Firstly, you might note that the certificate was awarded in 1984. In the ensuing 40 years, my capabilities might have changed and none of the entities above have checked on my current skills. Indeed, some of the entities have changed: the Department of Education and Science has evolved through various splits and mergers; the Oxford and Cambridge Board is now part of OCR. Even the mechanism for grading my abilities changed soon after to the new GCSE model, it’s not clear how my 1984 qualifications might compare to a GCSE A* from 2004 or a GCSE Grade 9 from this year. The information on my skills is also not very fine-grained, it lets you know that I have a good grounding in the subjects, but you might want greater expertise for your task. My mathematics qualification tested my skills in statistics, trigonometry, algebra, and calculation, then amalgamated these into a single grade; my French qualification tested my skills at reading, writing, listening, and speaking, before similarly amalgamating. If you have a particular interest in my statistical knowledge or ability to do written translation, this information cannot be extracted.
We also use certificates on the Internet and run into similar limitations in the assurance that they provide. Some certificates that provide roots of trust for the Internet can be decades old, and often use outdated cryptographic mechanisms. They rely on long chains of trust where the security is only as strong as the weakest link. They have long had issues with revocation that initiatives such as Certificate Status, Certificate Pinning, Certificate Transparency, and Extended Validation have tried to address. They do not provide dynamic, fine-grained trust models that can be actively queried.
领英推荐
We should also recognise the reasons why certificates are sometimes appropriate. They provide a passive, transferable attestation that allows verifiers to gain some assurance without having to directly contact the witness. The Department for Education will not want to pick up the phone every time someone wants to know if I can solve a linear equation or buy a train ticket in Paris. Likewise, in the 1990s, when secure infrastructure was rolled out on the Internet, people were concerned that making secure connections through a CA should not be prevented if the CA were offline for a month. Certificates provided an easy solution to the offline validation problem. They work well when active trust management is not possible or not appropriate.
There are approaches other than certificates. To consider me for a mathematical translation role, a recruiter would be better served by actively contacting a mutual trusted reference with whom I have previously worked. Better yet, if they had some baseline experience of working with me and could use this as a baseline to test me for deeper expertise. An up-to-date dialogue would give assurance about the freshness of my skills and the ability to probe into more detail.
In a similar way, active, online authentication services allow dynamic and fine-grained control of trust. At the enterprise level, authentication servers and ticket granting servers can use policy to determine which users and endpoints can perform different actions under different services. Real-time analysis of connections and behaviours allows for the timely detection of anomalous behaviour and the quarantining of suspect actors in way that is not possible with certificates. Moreover, in the 21st century the Cloud computing model allows these active authentication services to be deployed as highly-available resources beyond the enterprise boundary and usable by the Internet at large. These services of active management of trust, continuous validation of data, and fine-grained control of permissions line up very strongly with the requirements of a Zero Trust approach to security.
For this reason, Arqit has made active authentication with continually ratcheted credentials for freshness and forward security a key part of its SKA platform. It provides stronger, simpler assurance for the modern Internet.
-----------------------------------------------------
About the author: Dr Daniel Shiu is Chief Cryptographer at Arqit, a mathematician who has worked in academia, government, and industry. His ability to translate mathematics into French is impeccable; you can trust him on this.