Re: Key Signatures Issues - Re: matter of semantics
At 08:51 AM 11/17/97 -0800, stewarts@ix.netcom.com wrote:
>Carl - you're the second person I've heard suggest that it might be a
>bad idea to have a key signed by some key signer; the other is Cem Kaner,
>who lobbies about proposed bad digital signature regulations.
>(He's a lawyer, and he'll give his clients his PGP keys, but won't get them
>signed.)
>One of his concerns is that getting a key signed may subject you to
>any regulations about digital signatures, including assignment of liability
>to the owner of the key.
Bill,
I didn't mean to imply that it might be a bad idea to sign a certificate.
Rather, I have been arguing for certificates to be clear about what they
mean. Some of these meanings, as in Mike Reiter's work, could imply some
level of financial responsibility by the issuer.
However, this is a human activity and therefore we can't be free of lawyers
:-\ . The first time someone uses a PGP signed key as if trust of the
binding implied trust of the person (a dumb move but probably a common
mistake in logic), and then that keyholder proves untrustworthy, the victim
might well try to sue the signers of the keyholder's key.
>The X.509 model may be a bit less susceptible to this problem,
>because multiple key certs are separate entities rather than combined,
>and on-line CRLs give you some handle for revoking or denying certs,
>as well as giving you somebody to sue if you want to,
>whereas PGP signatures get combined into the key and spread around,
>and PGP keyservers are not secure, easily fooled, open to anybody,
>and designed to use the web of trust for security.
I don't think there's any difference -- except maybe with X.509 policy
statement fields (put there by lawyers for the issuers). That is, some fool
could misinterpret trust of key binding to be trust of keyholder, get burned
and then sue everyone involved.
>SPKI has already strayed far from Simpleness, but is there a non-ugly way
>to deal with the problem?
I don't buy SPKI's non-simpleness. I think we're addressing a problem
that's inherently complex and SPKI approaches it in the simplest way I know
how.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+