[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Subject signing redux (was: Re: Mary is Mary)
On Tue, 24 Jun 1997, Marc Branchaud wrote:
-> -----BEGIN PGP SIGNED MESSAGE-----
->
-> On Tue, 24 Jun 1997, E. Gerck wrote:
-> >
-> > -> > >1. Pls include a MUST co-sign clause.
-> > -> >
-> > -> > I would like to hear list discussion on this one point.
-> > -> >
-> > ->
-> > -> For another, it bugs me from a freedom-of-speech point of view. Libel
-> > -> laws aside, if I want to label someone (or their key) as a purple people
-> > -> eater I shouldn't need their permission. Whether other people believe my
-> > -> assertion is another story, and they should also be free to make that
-> > -> decision without the subject's expressed consent.
-> > ->
-> >
-> > The argument can equally be reversed to the other side. Further, if Jon
-> > says that Mary has auth X and auth X is to be the company's lawyer -- but
-> > Mary is not a lawyer -- she may never be able to prove she did not agree
-> > with auth X.
-> >
->
-> That's true, but will it ever be an issue? If Mary isn't misrepresenting
-> herself then how could this be a problem? Could you describe a scenario
-> in which Mary gets in trouble because Jon, without any help from Mary,
-> thinks she's a lawyer?
Sure, the ABA may sue Mary because she is an authorized company lawyer --
afterall, she has trusted Jon to sign auths for employees -- without
being a lawyer. Further, a client may sue her because he sent her an
urgent patent application that was left waiting and being shuffled around
long enough for the competitor's patent to be presented first - because
she isn't a lawyer and did not know such things are urgent.
Take an example from a public notary. Can I go to a notary and
provide you with a legal authorization without your signature?
->
-> > -> Perhaps that's what it comes down to. If the subject is presenting the
-> > -> cert anyway, isn't that an implied acceptance of its tag?
-> >
-> > Sure, such as by Jon saying that Mary has auth X. It does not good
-> > to Mary that Jon implied acceptance of his own signature.
-> >
->
-> I don't understand your statements. Do you agree with the idea of implied
-> acceptance or not? It's not Jon implying anything, it's Mary (the
-> subject) implying acceptance of the certificate she's presenting.
->
-> > Also, who else besides Jon can present Jon's cert that says Mary is a
-> > lawyer?
->
-> Actually, Jon can't present that cert because Mary's key is the subject,
-> so only Mary can present it. By presenting it, remember, there's the
-> usual challenge-response going on. Jon can't pretend to be Mary because
-> he doesn't have her private key.
->
-> So if only Mary can present the cert, then why would she ever present it
-> if she doesn't agree with its contents?
->
No, that was my (implict) point ;-) Take an attacker that is able to
present Mary's cert and do a denial-of-service (easy, he doesn't have the
key anyway...)
Cheers,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@laser.cps.softex.br
http://novaware.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil - Fax: +55-19-2429533
Follow-Ups:
References: