The key to trust? Signalling quality in the PKI market

The absence of a platform for secure electronic commerce is widely recognised. Across the globe, a host of Certification Authorities (CAs) have emerged to seize the opportunity for issuing digital certificates that constitute the Public Key Infrastructure (PKI). Yet the take-up of the technology has been bitterly disappointing. The market for digital certificates has failed to reach the critical worldwide mass that was anticipated. Current literature suggests a variety of outstanding technical, legal and policy issues that hinder the adoption of PKI. We argue that another contributing factor in this adverse turn of events is the quality uncertainty surrounding CAs and the certificates they issue. This paper adopts the Lemons principle, an economic theory, to analyse the market situation of quality uncertainty and reviews three countermeasures that remedy this problem: brand names, guarantees and licensing. Applying this economic theory to the PKI market, the paper discusses how these three countermeasures might be used to signal the quality of certificates and hence generate the trust missing between CAs and relying parties in electronic transactions.
