[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The Carl & Bob show

To: Peter Whittaker <pww@entrust.com>
Subject: RE: The Carl & Bob show
From: Carl Ellison <cme@cybercash.com>
Date: Sun, 07 Dec 1997 23:18:25 -0500
Cc: "'Carl Ellison'" <cme@cybercash.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, "'Spki@c2.net'" <Spki@c2.net>
In-Reply-To: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971121144920Z-70082@mail.entrust.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 09:49 AM 11/21/97 -0500, Peter Whittaker wrote:
>Is it perhaps the case that the identity-with-context that Carl refers
>to is in some ways provided by the combination of issuer name, subject
>name, and issuer public key?  Admittedly, this may only reduce the scope
>of the problem (it is possible that two CAs will issue certificates with
>the same subject name, and not have those be the same subject entity;
>it is much less likely that those two CAs will have the same issuer
>name;  in fact, I would think that any community in which they operate
>would catch on to that pretty quickly).  So long as the CAs themselves
>maintain adequate information about their subjects, is not the problem
>of "no context for the identity" perhaps solved?  As a certificate user,
>I will choose to do business - that is, accept a CA from - a CA that
>enforces identity check policies and cross-certification policies that
>are adequate to my needs and requirements.

As I said, I believe we'll end up talking the same language -- probably 
sooner than even I thought.

What I see in this discussion is confusion from the lack of careful 
distinctions among the concepts of authorization, accountability, 
identification and locatability.  These four can be separate.  None of them 
necessarily requires or implies another.

As you point out, when you issue a certificate for electronic commerce 
(e.g., a SET cardholder certificate), there is no identifying information in 
that certificate of any value to anyone but you, the issuer.  However, 
that's plenty.  If that keyholder defrauds someone, you have his information 
on file and can provide that to police.  However, a SET cardholder 
(authorization) certificate gives the verifier the information he needs: 
that the keyholder has been blessed by a certain financial institution for 
transactions with a certain credit card.

>And when any two organizations decide to cross-certify, they will
>perform checks on each other which should result in uniquely identified
>CAs (if I have cross-certified with Joe's CA Shop, and you have too, I
>will likely either check that they are the same CA, or restrict the
>validity of the cross-certificate I issued to you so that it can't be
>used to get to "your" Joe).

As far as I can tell, cross-certification is a side-effect of X.509 ala PEM 
and does not show up explicitly in the SPKI lectionary.  Do you see some 
special place for that concept, aside from X.509 or PEM peculiarities?

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNIt1DxN3Wx8QwqUtAQERHwP+NBDJTa05olnlg6xn3E1nBijfPOas/BPH
WvLlICe6ZE09asAktUlyM9ufTB+MQyzBuVO5ZZohNYrmdg9h0EQL9tEefl4NiaYq
DQr7aV+ff5TgFjsLfZWX3u+R/Am1lAf9QLcGxqw/A5BHrbJGFeU4xm2cAn9L1qjG
2WRXeGtykjk=
=Qlab
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

RE: The Carl & Bob show

From: Peter Whittaker <pww@entrust.com>

Prev by Date: Re: global names are a security flaw
Next by Date: Re: RE: The Carl & Bob show
Prev by thread: RE: The Carl & Bob show
Next by thread: RE: The Carl & Bob show
Index(es):
- Main
- Thread