[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mary is Mary
On Fri, 20 Jun 1997, Carl Ellison wrote:
-> -----BEGIN PGP SIGNED MESSAGE-----
-> At 06:54 PM 5/22/97 -0300, E. Gerck wrote:
-> >However, if Mary also co-signs the certificate that still proves nothing
-> >because the verifier has no way of knowing that Mary *is* Mary -- say, by
-> >independent channels of information and must only trust Jon, again.
-> Knowing "Mary *is* Mary" harks back to the way humans lived all our lives,
-> until a few years ago when the Internet went popular. That is, we lived in
-> small closed communities where names meant something. We no longer do. The
-> mapping between the text string "Mary Smith" and some 3D world person is not
-> commonly known to everyone who might be involved in some transaction.
-> Therefore, the notion that "Mary is Mary" has no definite meaning -- not like
-> it had in the days when you were born, lived and died in a small community
-> where everyone knew everyone else and all names in that community were
-> unique and unchanging to a very high probability.
-> The X.500 attempt to make a global name directory and the commercial CA
-> attempt to bind such names to physical people are attempts, in a way, to
-> address this new reality. However, they are IMHO misguided. The issue is
-> that contacts between physical people are for many purposes never involved
-> so the mapping to them (or from them or, worse, through them) is irrelevant
-> at best and a design flaw at worst in a system design which supports the
-> cyberspace contact and transactions between people. A global name space is
-> so large that it's no longer even useful for knowing with certainty that you
-> have the mapping to a person you really have met in the 3D world. That's
-> why SDSI dropped the global name space as a dead idea.
-> - Carl
Thank you for your comments.
Your answer of course correct but misses the issue. What I meant is
exactly the phrase I wrote:
"has no way of knowing that Mary *is* Mary"
and not that "Mary is called Mary". This is not a play on words and that's
why I chose the name Mary -- it's certainly not singular, not a DN.
The question is not the name. If you want legal responsibilities or, at
least, accountability, then you must have a way to bind the authorization
to an accountable entity and not to a key. A key cannot yet be persecuted
and go to jail.
So, what I was saying is that the verifier has no way of knowing that Mary
*is* Mary even he trusts Jon 100%. This question is not solved in SPKI --
and I must say I don't think that invalidates SPKI. It just explains
exactly what the limits are. The limits are the realm of keys. You cannot
reach back to the realm of persons -- SPKI certifies keys, not persons.
Besides, there was a previous point, in the same e-mail -- also repeated
in a "summary" e-mail I sent. The question is that SPKI should make it
mandatory (and not optional as it is today) for Jon to ask Mary to co-sign
the certificate in which he delegates X to her. The reasons are several
and were explained in another e-mail I sent on the same line of reasoning.
So, to sum up:
1. Pls include a MUST co-sign clause.
2. Pls remember that a SPKI cert can be 100% wrong regarding the actual
keyholder. A SPKI cert only affirms that the whoever holds the key K has
been assigned X by A (including 1 above, K must also co-sign -- showing
posession of the private-key K' and showing that whoever holds K/K' agrees
that the assignment is valid as done in that date).
Dr.rer.nat. E. Gerck firstname.lastname@example.org
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil - Fax: +55-19-2429533