
Certificate validity issues



In my thinking, there's another attribute about certificates I've not seen 
mentioned:

There are two sorts of certificates one might want:

(1) I might want a certificate for membership in an organization; 
    however, *they* might want me (and I might not want to be a member). 
    In this sort of case, one might want to have the recipient of the 
    certificate have a signature *within* the issuer-signed certificate.

(2) I might be, say, a con artist, and someone might have issued a 
    certificate to that effect (i.e., Don't work with / for this person). 
    I certainly wouldn't consent to sign such a certificate (unless I'm 
    an organization, and signing all complaint certificates is part of a 
    better-business-bureau type certification.) In this case, it should 
    be possible to issue a certificate that doesn't require an inside 
    signature.

I don't see that there could be any sort of automatic way to 
distinguish between the necessity for recipient-signed vs. 
recipient-unsigned certificates; one would assume that recipient-unsigned 
certificates would be effective only when issued from a high-reputation 
source.

Some method should be required to allow user decisions as to this, but 
whatever system is designed should definitely allow for both types, and 
*require* relevant software to handle both types.

There's actually a third sort of important certificate the system should 
handle:

(3) I might be a member of a secret society; I might need a membership 
    certificate to get access, say, to certain web sites. The system 
    should allow a "secret certificate," readable only by the issuer.

There may be more important cases like this; someone should take a list 
of certificate uses (perhaps CME's list) and categorize them by how the 
certs should behave, using the above categories or others. Once that's 
done, we can consider what sort of format is necessary to handle all 
these cases with equal aplomb.

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.