[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-key-sharing



-----BEGIN PGP SIGNED MESSAGE-----

At 10:42 AM 11/11/97 -0700, Bob Jueneman wrote:
>I don't think that the keys themsleves are scarce. Rather, it is that
>certificates are expensive, because of the administrative burden and
>liability implications of binding of the key to anything at all, whether an
>"identity" or a set of capabilities.  (I'm using the term certificate in the
>most generic sense, not tied to X.509 or any other format.)
>
>You can certainly make certificates inexpensive, but only by making them
>essentially worthless to the relying party.

I disagree.  If I issue a free name certificate binding the ASCII string 
"Jim" to some key and you and I have a phone discussion during which I tell 
you I'll be sending you my friend's Jim's cert, I can then send you that 
name cert and you can use it with confidence.  The fact that I had no 
significant cost doesn't invalidate my use of digital signatures.  Rather, 
what makes my low cost signature valid (for end use signatures as well as 
for certificates) is that I'm too small a fish in this ocean of signers to 
be singled out for attack.

If you rule out that possibility, then you have to rule out any and all 
digital signatures I might make.  Certificates are nothing special -- unless 
your business model says they should be.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNG/dRxN3Wx8QwqUtAQEPGwP+MjRL98aaoF7UIMsexqM58UQOYSrfKclU
CEDhdvvswLqHZVK/7oZdhkZvbJr30OzZgx+vVXHsFoxGJpcIa+htYCYnZFqnEsv9
JdlX0ulvsCieoL1ovNzXCWCbSue6PkJAFRhFiN3we7fLoBN1+eXw+sChoL2meJHL
6awT1ZWBQWg=
=EclR
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References: