[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

non-key-sharing

To: Bob Smart <Bob.Smart@cmis.CSIRO.AU>
Subject: non-key-sharing
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 05 Nov 1997 14:08:44 -0500
Cc: spki@c2.net
In-Reply-To: <199711010023.LAA07334@stranger.vic.cmis.CSIRO.AU>
References: <Your message of "Fri, 31 Oct 1997 11:48:17 CDT." <3.0.3.32.19971031114817.00acd940@cybercash.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 11:24 AM 11/1/97 +1100, Bob Smart wrote:
>There are two very distinct potential applications of public keys.
>
>In the first the holder of the matching private key has a clear
>wish to protect the private key in his/her own interest. For example
>if you have a bank account that can be manipulated by signed requests
>to the bank then you will look after that private key. And the bank
>probably doesn't care whether you do or not.
>
>In the 2nd type of application the holder of the private key may be 
>able to gain an advantage by allowing others to use it. For example
>in Australia you need to prove that you are over 18 to purchase
>alcohol. Consider an electronic order (signed request) for alcohol.
>It is worth considering what set of signed assertions need to accompany
>that request for the seller to be able to claim in court that he
>took reasonable steps to ascertain that the purchaser was over 18.
>[Or more realistically: if designing a system which will allow the
>purchase of alcohol over the Internet what sort of certification
>processes need to be instituted.]
>
>I don't think SPKI needs to cut itself off from the second sort of
>application.

I don't think we do need to either.  OTOH, this is what Bill Frantz 
addressed so strongly last year when he claimed we shouldn't pretend to have 
a non-delegatable cert.  If we want to prevent people from loaning out 
private keys, we need to let them do what they intend to by delegation.  
This implies that no one in his right mind would issue certs of the second 
form -- and that people would have to find a different way to control the 
delivery of age-appropriate things.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNGDEOxN3Wx8QwqUtAQG+ywP/e1XrSA69YBnZ9dg95BPjChVt7fjiO2FL
wHU5Ht8aKGWKz1TSKr9rflNEctG/bxmWHxBitlEJflhkZGUy8kHMt5ep8BCYX1Iy
hIPuUGI/zftrPaPsrRgg89iyQSsACPqdI3aLxVXTc50adPw2Q4B8gATHKOlWjkff
U2KkQ3SJHl4=
=z5CD
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: non-key-sharing

From: Bill Frantz <frantz@netcom.com>

References:

Re: Validity periods can be handled more explicitly

From: Bob Smart <Bob.Smart@cmis.CSIRO.AU>

Prev by Date: Re: Validity periods can be handled more explicitly
Next by Date: Re: Validity periods can be handled more explicitly
Prev by thread: Re: Validity periods can be handled more explicitly
Next by thread: Re: non-key-sharing
Index(es):
- Main
- Thread