[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Subject signing redux (was: Re: Mary is Mary)


On Wed, 25 Jun 1997, E. Gerck wrote:
> Sure, the ABA may sue Mary because she is an authorized company lawyer --
> afterall, she has trusted Jon to sign auths for employees --  without
> being a lawyer. Further, a client may sue her because he sent her an
> urgent patent application that was left waiting and being shuffled around
> long enough for the competitor's patent to be presented first - because
> she isn't a lawyer and did not know such things are urgent. 

The above line of thiking is like saying that if Jon's corporate phone
book lists Mary as their lawyer then Mary can get sued by the ABA.  That's
just too weird. 

Why would they sue Mary?  Jon's the one who lied.  If Jon told a client
that Mary was his lawyer, and that turned out to be false, the client
would be angry with Jon, not Mary.

The idea behind a subject-signed cert is that the issuer couldn't do any
fraud on his own, that the subject would also have to "accept" the cert's
claims.  My argument is that we don't need subject-signed certs to have
that: the subject can be said to "accept" the cert's claims when she uses
the cert, by using her private key.

If the client contacts Mary, expecting her to be Jon's lawyer, when Mary
acts as Jon's lawyer she's accepted Jon's certificate.  If Mary doesn't
act as Jon's lawyer then she hasn't accepted Jon's cert, and the client
should tell Jon to get his act together.

> Take an example from a public notary. Can I go to a notary and
> provide you with a legal authorization without your signature?

That's a completely different situation.  Besides, there are bunches of
legal authorizations that don't require the designated person's signature.
For example, I'm the executor of my mother's will.  I didn't have to sign
anything to get that power.  In fact, I found out after the fact (of the
will -- mom's still around! (: )

Forcing SPKI to conform to a noterized-like functionality would limit it

> -> So if only Mary can present the cert, then why would she ever present it
> -> if she doesn't agree with its contents?
> -> 
> No, that was my (implict) point ;-) Take an attacker that is able to
> present Mary's cert and do a denial-of-service (easy, he doesn't have the
> key anyway...)

Deny service to whom?  The only person who wouldn't get service is the
attacker -- what a shame.


 Marc Branchaud                                       \/
 Chief PKI Architect                                  /\CERT SOFTWARE INC.
 marcnarc@xcert.com        PKI References page:              www.xcert.com
 604-640-6210x227      www.xcert.com/~marcnarc/PKI/

Version: 2.6.3ia
Charset: noconv


Follow-Ups: References: