[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject signing redux (was: Re: Mary is Mary)

To: spki@c2.net
Subject: Subject signing redux (was: Re: Mary is Mary)
From: Marc Branchaud <marcnarc@xcert.com>
Date: Mon, 23 Jun 1997 10:46:41 -0700 (PDT)
In-Reply-To: <3.0.2.32.19970621031642.00ca76b0@cybercash.com>
Reply-To: Marc Branchaud <marcnarc@xcert.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Jun 1997, Carl Ellison wrote:
> 
> At 05:27 PM 6/20/97 -0300, E. Gerck wrote:
> > 
> >So, to sum up:
> >
> >1. Pls include a MUST co-sign clause.
> 
> I would like to hear list discussion on this one point.
> 

My instinctive feeling on this issue is that co-siging should _not_ be
mandated by SPKI.

For one thing, it's an extra layer of complexity that some, even many,
people might not want to deal with -- every cert would have to be verified
with two signatures and two key revocation checks.

For another, it bugs me from a freedom-of-speech point of view.  Libel
laws aside, if I want to label someone (or their key) as a purple people
eater I shouldn't need their permission.  Whether other people believe my
assertion is another story, and they should also be free to make that
decision without the subject's expressed consent.

What it comes down to is having the subject agree to whatever auth he's
been granted, and I get the nagging feeling that there will be situations
where that's not going to work.

What about assigning an attribution to a group?  Who should counter-sign
the cert then?

Furthermore, subject-signed certs don't make much sense in the SPKI
context of issuer-as-verifier.  If I issue a cert saying someone's a
weenie, when I verify that cert I'll believe it regardless of what other
signatures are on it.  Besides, would the weenie ever even present the
cert back to me if he didn't want me to think he was a weenie? 

Perhaps that's what it comes down to.  If the subject is presenting the
cert anyway, isn't that an implied acceptance of its tag? 

		Marc

+------------------------------------------------------------------------+
 Marc Branchaud                                       \/
 Chief PKI Architect                                  /\CERT SOFTWARE INC.
 marcnarc@xcert.com        PKI References page:              www.xcert.com
 604-640-6210x227      www.xcert.com/~marcnarc/PKI/
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBM662gVrdFXNdDxPlAQEXegL8CBbJl5UJAZ7cxfvRuU28i9tqWt3ZVg0M
8RIYysEL4u0LmC5++DnYLkFI6MaL8ERWjvwJyRI6xsyBQOc297ACUtfsgUDCVy3O
z4kL9zMJn4kvT0c6t+OMmVpeOAODdWHe
=cm/d
-----END PGP SIGNATURE-----

Follow-Ups:

Re: Subject signing redux (was: Re: Mary is Mary)

From: "E. Gerck" <egerck@laser.cps.softex.br>

Re: Subject signing redux (was: Re: Mary is Mary)

From: Carl Ellison <cme@cybercash.com>

References:

Re: Mary is Mary

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: SPKI signing keys only
Next by Date: Re: SPKI signing keys only
Prev by thread: Re: Mary is Mary
Next by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Index(es):
- Main
- Thread