
Re: non-key-sharing



Bill has raised a couple of interesting points, which have mirrored some of
my concerns on the DIGSIG board.

The case of the husband who shares his private key with his wife for access
to their joint checking account is precisely the example I used to highlight
a hidden danger.  What happens if you are Jack Kent Cook, and your wife
doesn't happen to like the terms of your most recent will?  Unknown to you,
she writes a codicil to your will and signs it using your private key, which
you gave to her to access your joint checking account (the household
account, which probably only had a mere million or two in it -- not the main
Daddy Warbucks account).  Are you going to come back from the grave and
repudiate that usage?

The over-18 certificate is another interesting case that violates the normal
assumption that no one in their right mind would share their private key. 
Even if the certificate could not be used to actually purchase anything,
there might be a substantial market for such a certificate just to access
free porn bulletin boards and chat rooms that were age restricted.

Both of these examples are cases where the combination of digital signature
certificates and biometrics would be useful.

Bob

Robert R. Jueneman
Security Architect
Novell, Inc.
Network Services Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com

"If you are trying to get to the moon, climbing a tree, 
although a step in the right direction, will not prove 
to be very helpful."

"The most dangerous strategy is to cross the chasm in two leaps."


>>> Bill Frantz <frantz@netcom.com> 11/05 11:55 PM >>>
At 11:08 AM -0800 11/5/97, Carl Ellison wrote:
>At 11:24 AM 11/1/97 +1100, Bob Smart wrote:
>>There are two very distinct potential applications of public keys.
>>
>>In the first the holder of the matching private key has a clear
>>wish to protect the private key in his/her own interest. For example
>>if you have a bank account that can be manipulated by signed requests
>>to the bank then you will look after that private key. And the bank
>>probably doesn't care whether you do or not.
>>
>>In the 2nd type of application the holder of the private key may be
>>able to gain an advantage by allowing others to use it. For example
>>in Australia you need to prove that you are over 18 to purchase
>>alcohol. Consider an electronic order (signed request) for alcohol.
>>It is worth considering what set of signed assertions need to accompany
>>that request for the seller to be able to claim in court that he
>>took reasonable steps to ascertain that the purchaser was over 18.
>>[Or more realistically: if designing a system which will allow the
>>purchase of alcohol over the Internet what sort of certification
>>processes need to be instituted.]
>>
>>I don't think SPKI needs to cut itself off from the second sort of
>>application.
>
>I don't think we do need to either.  OTOH, this is what Bill Frantz
>addressed so strongly last year when he claimed we shouldn't pretend to have
>a non-delegatable cert.  If we want to prevent people from loaning out
>private keys, we need to let them do what they intend to by delegation.
>This implies that no one in his right mind would issue certs of the second
>form -- and that people would have to find a different way to control the
>delivery of age-appropriate things.

Carl did correctly state my position.  Even in the first case, I might want
to share the private key with my wife, who also has signature authority
over the account.  It certainly would be better if she had her own key so
we could keep track of who signed the transaction, but if the bank did not
support two keys, I would probably generate a key pair for the account and
share the secret key.

In the second case, the thought experiment I always perform is, "How long
before the key is posted on the local high school bulletin board?"  I
remember the teenagers using a "magically acquired" credit card number to
go through disk after disk of "10 free hours on aol".  Since the card was
never charged anything, the card holder never knew the number was being
used.  I am certain that a "I'm over 18" cert would be similarly
compromised.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA

