[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mary is Mary

On Fri, 20 Jun 1997, Carl Ellison wrote:

-> At 06:54 PM 5/22/97 -0300, E. Gerck wrote:
-> >However, if Mary also co-signs the certificate that still proves nothing
-> >because the verifier has no way of knowing that Mary *is* Mary -- say, by
-> >independent channels of information and must only trust Jon, again.
-> Knowing "Mary *is* Mary" harks back to the way humans lived all our lives, 
-> until a few years ago when the Internet went popular.  That is, we lived in 
-> small closed communities where names meant something.  We no longer do.  The 
-> mapping between the text string "Mary Smith" and some 3D world person is not 
-> commonly known to everyone who might be involved in some transaction.  
-> Therefore, the notion that "Mary is Mary" has no definite meaning -- not like 
-> it had in the days when you were born, lived and died in a small community 
-> where everyone knew everyone else and all names in that community were 
-> unique and unchanging to a very high probability.
-> The X.500 attempt to make a global name directory and the commercial CA 
-> attempt to bind such names to physical people are attempts, in a way, to 
-> address this new reality.  However, they are IMHO misguided.  The issue is 
-> that contacts between physical people are for many purposes never involved 
-> so the mapping to them (or from them or, worse, through them) is irrelevant 
-> at best and a design flaw at worst in a system design which supports the 
-> cyberspace contact and transactions between people.  A global name space is 
-> so large that it's no longer even useful for knowing with certainty that you 
-> have the mapping to a person you really have met in the 3D world.  That's 
-> why SDSI dropped the global name space as a dead idea.
->  - Carl

Thank you for your comments.

Your answer of course correct but misses the issue. What I meant is
exactly the phrase I wrote: 

"has no way of knowing that Mary *is* Mary"

and not that "Mary is called Mary". This is not a play on words and that's
why I chose the name Mary -- it's certainly not singular, not a DN.

The question is not the name. If you want legal responsibilities or, at
least, accountability, then you must have a way to bind the authorization
to an accountable entity and not to a key. A key cannot yet be persecuted
and go to jail.

So, what I was saying is that the verifier has no way of knowing that Mary
*is* Mary even he trusts Jon 100%. This question is not solved in SPKI --
and I must say I don't think that invalidates SPKI. It just explains
exactly what the limits are. The limits are the realm of keys. You cannot
reach back to the realm of persons -- SPKI certifies keys, not persons.

Besides, there was a previous point, in the same e-mail -- also repeated
in a "summary" e-mail I sent. The question is that SPKI should make it
mandatory (and not optional as it is today) for Jon to ask Mary to co-sign
the certificate in which he delegates X to her. The reasons are several
and were explained in another e-mail I sent on the same line of reasoning. 

So, to sum up:

1. Pls include a MUST co-sign clause.

2. Pls remember that a SPKI cert can be 100% wrong regarding the actual
keyholder. A SPKI cert only affirms that the whoever holds the key K has
been assigned X by A (including 1 above, K must also co-sign -- showing
posession of the private-key K' and showing that whoever holds K/K' agrees
that the assignment is valid as done in that date).


Ed Gerck

Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533  

Follow-Ups: References: