Key Signatures Issues - Re: matter of semantics

Carl - you're the second person I've heard suggest that it might be a
bad idea to have a key signed by some key signer; the other is Cem Kaner,
who lobbies about proposed bad digital signature regulations.
(He's a lawyer, and he'll give his clients his PGP keys, but won't get them signed.)
One of his concerns is that getting a key signed may subject you to
any regulations about digital signatures, including assignment of liability
to the owner of the key.  

In general, it's a difficult problem - either under a CA regime, or with 
PGP Web Of Trust signatures, anybody can sign your key or get it signed
using at least low-level CAs (e.g. the type that only promise uniqueness and
don't claim to have verified ID papers or biometrics or whatever.)
They may not be able to convince you to accept and use the signature,
though PGP can often be tricked into doing so, but unless the key certification
format requires the owner of the key to sign accepting the signatures,
which neither PGP nor X.509 do, there's no way to prevent it.
(Tim May's example is that somebody could sign your PGP key with the
"KKK 100% White Person Certificate Key" and distribute it to the keyservers;
you could also add a "Communist Party 1997 Dues Paid" cert to annoy right-wingers.)

The X.509 model may be a bit less susceptible to this problem,
because multiple key certs are separate entities rather than combined,
and on-line CRLs give you some handle for revoking or denying certs,
as well as giving you somebody to sue if you want to,
whereas PGP signatures get combined into the key and spread around,
and PGP keyservers are not secure, easily fooled, open to anybody,
and designed to use the web of trust for security.

SPKI has already strayed far from Simpleness, but is there a non-ugly way
to deal with the problem?

At 12:30 AM 11/17/1997 -0500, Carl Ellison wrote:
>	When public key K1 is used to verify a digital signature, then we know for 
>a fact that its associated private key created the signature.  Therefore, by 
>definition, we know that (keyholder(K1)) caused that signature to happen.  
>The only question remaining is who that keyholder was at the time of the 
>	That's something we have no control over.  No certificate definition can 
>influence who controls a given private key at some time in the future.  It 
>is possible that some law (e.g., Utah) might declare that if a certificate 
>is issued by a state approved CA to someone, then that person becomes 
>legally responsible for the actions of his/her private key (as a parent is 
>responsible for the actions of a minor child).  In such a case, I for one 
>would decline to accept a certificate from a qualifying CA.

Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
