digital signature mock trial

Dan,

a number of us, as part of a large working group of the IETF, are working on a
kind of public key certificate which should radically change your effort. I
would be interested in watching what happens with your mock trial but I
would also be interested in setting up a mock trial assuming use of
SPKI/SDSI 2.0 certificates instead of the identity certificates which you no
doubt currently consider.

The difference, in case you haven't been following our effort, is that
traditional certificates attempt to bind physical persons to public keys by
way of their names, with <name,key> binding occurring through some third
party. The lawyers appear to be having a field day in setting up contracts
for such third parties and most digital signature law seems to refer to the
duties and liabilities of such parties -- called Certification Authorities.

Our work eliminates those third parties, for the most part, because we
bypass the step of binding global names to keys. We have done this
because we realize that global names cannot be meaningful to the
users of those names, given the size of the namespace for the Internet.
[A full explanation of the futility of global names would take many
pages or about 1/2 hour of discussion. It runs counter to conventional
wisdom, so it takes that much more discussion.]

From a security point of view, this feature of our certificate architecture
makes operations more secure. There is one less step and therefore one less
possibility for the enemy to attack the system.

Legally, the difference may be even more radical. Because we eliminate the
*need* for this trusted third party, most of the legislation we've seen
dealing with digital signatures is irrelevant to us. On the positive side,
this may mean that our mechanism is less subject to dispute needing lawyers
or legislation. On the negative side, it may mean that there is a flaw in
current legislation because it might deal with a first layer of problem
(<name,key> binding) without dealing with what we have discovered are
important issues once the <name,key> binding problem is solved.

- Carl

P.S. We haven't eliminated the TTP. Rather, we have an architecture
which allows commerce to proceed without either TTPs or global names.
There might still be a need for TTPs and conventional global identity
certificates -- and our architecture allows for them -- but we haven't
yet found an application which requires them. We have examined a wide
variety of network activities, not just commerce, in looking for such
applications.