[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
digital signature mock trial
a number of us, as part of a large working group of the IETF, are working on a
kind of public key certificate which should radically change your effort. I
would be interested in watching what happens with your mock trial but I
would also be interested in setting up a mock trial assuming use of
SPKI/SDSI 2.0 certificates instead of the identity certificates which you no
doubt currently consider.
The difference, in case you haven't been following our effort, is that
traditional certificates attempt to bind physical persons to public keys by
way of their names, with <name,key> binding occurring through some third
party. The lawyers appear to be having a field day in setting up contracts
for such third parties and most digital signature law seems to refer to the
duties and liabilities of such parties -- called Certification Authorities.
Our work eliminates those third parties, for the most part, because we
bypass the step of binding global names to keys. We have done this
because we realize that global names can not be meaningful to the
users of those names, given the size of the namespace for the Internet.
[A full explanation of the futility of global names would take many
pages or about 1/2 hour of discussion. It runs counter to conventional
wisdom, so it takes that much more discussion.]
>From a security point of view, this feature of our certificate architecture
makes operations more secure. There is one less step and therefore one less
possibility for the enemy to attack the system.
Legally, the difference may be even more radical. Because we eliminate the
*need* for this trusted third party, most of the legislation we've seen
dealing with digital signatures is irrelevant to us. On the positive side,
this may mean that our mechanism is less subject to dispute needing lawyers
or legislation. On the negative side, it may mean that there is a flaw in
current legislation because it might deal with a first layer of problem
(<name,key> binding) without dealing with what we have discovered are
important issues once the <name,key> binding problem is solved.
P.S. We haven't eliminated the TTP. Rather, we have an architecture
which allows commerce to proceed without either TTPs or global names.
There might still be a need for TTPs and conventional global identity
certificates -- and our architecture allows for them -- but we haven't
yet found an application which requires them. We have examined a wide
variety of network activities, not just commerce, in looking for such