[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-key-sharing

At 11:08 AM -0800 11/5/97, Carl Ellison wrote:
>At 11:24 AM 11/1/97 +1100, Bob Smart wrote:
>>There are two very distinct potential applications of public keys.
>>In the first the holder of the matching private key has a clear
>>wish to protect the private key in his/her own interest. For example
>>if you have a bank account that can be manipulated by signed requests
>>to the bank then you will look after that private key. And the bank
>>probably doesn't care whether you do or not.
>>In the 2nd type of application the holder of the private key may be
>>able to gain an advantage by allowing others to use it. For example
>>in Australia you need to prove that you are over 18 to purchase
>>alcohol. Consider an electronic order (signed request) for alcohol.
>>It is worth considering what set of signed assertions need to accompany
>>that request for the seller to be able to claim in court that he
>>took reasonable steps to ascertain that the purchaser was over 18.
>>[Or more realistically: if designing a system which will allow the
>>purchase of alcohol over the Internet what sort of certification
>>processes need to be instituted.]
>>I don't think SPKI needs to cut itself off from the second sort of
>I don't think we do need to either.  OTOH, this is what Bill Frantz
>addressed so strongly last year when he claimed we shouldn't pretend to have
>a non-delegatable cert.  If we want to prevent people from loaning out
>private keys, we need to let them do what they intend to by delegation.
>This implies that no one in his right mind would issue certs of the second
>form -- and that people would have to find a different way to control the
>delivery of age-appropriate things.

Carl did correctly state my position.  Even in the first case, I might want
to share the private key with my wife, who also has signature authority
over the account.  It certainly would be better if she had her own key so
we could keep track of who signed the transaction, but if the bank did not
support two keys, I would probably generate a key pair for the account and
share the secret key.

In the second case, the thought experiment I always perform is, "How long
before the key is posted on the local high school bulletin board?"  I
remember the teenagers using a "magically acquired" credit card number to
go through disk after disk of "10 free hours on aol".  Since the card was
never charged anything, the card holder never knew the number was being
used.  I am certain that a "I'm over 18" cert would be similarly

Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA