[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Subject signing redux (was: Re: Mary is Mary)

To: Marc Branchaud <marcnarc@xcert.com>
Subject: Re: Subject signing redux (was: Re: Mary is Mary)
From: "E. Gerck" <egerck@laser.cps.softex.br>
Date: Wed, 25 Jun 1997 17:56:20 -0300 (EST)
Cc: spki@c2.net
In-Reply-To: <Pine.LNX.3.96.970625102803.15192H-100000@linux.xcert.com>
Reply-To: "E. Gerck" <egerck@laser.cps.softex.br>
Sender: owner-spki@c2.net

On Wed, 25 Jun 1997, Marc Branchaud wrote:

-> -----BEGIN PGP SIGNED MESSAGE-----
-> 
-> 
-> On Wed, 25 Jun 1997, E. Gerck wrote:
-> > 
-> > Sure, the ABA may sue Mary because she is an authorized company lawyer --
-> > afterall, she has trusted Jon to sign auths for employees --  without
-> > being a lawyer. Further, a client may sue her because he sent her an
-> > urgent patent application that was left waiting and being shuffled around
-> > long enough for the competitor's patent to be presented first - because
-> > she isn't a lawyer and did not know such things are urgent. 
-> > 
-> 
-> 
-> The above line of thiking is like saying that if Jon's corporate phone
-> book lists Mary as their lawyer then Mary can get sued by the ABA.  That's
-> just too weird. 

This is not the same as the examples. They are semantically different from
your phrase.  

-> -> Why would they sue Mary?  Jon's the one who lied.  If
Jon told a client -> that Mary was his lawyer, and that turned out to be
false, the client -> would be angry with Jon, not Mary.  ->

How would the ABA know that Jon was the one that lied? Further, if that
turned out to be false, as you indicate, Mary can't prove she had nothing
to do with it.

I think few employees would really accept the liability of giving an
employer the right to issue a public assignment involving their name and
reputation, without a previous agreement. This is also forbidden by law,
at least in Brazil. 

-> If the client contacts Mary, expecting her to be Jon's lawyer, when Mary
-> acts as Jon's lawyer she's accepted Jon's certificate.  If Mary doesn't
-> act as Jon's lawyer then she hasn't accepted Jon's cert, and the client
-> should tell Jon to get his act together.
-> 

This does not constitute proof to a third-party.

->> No, that was my (implict) point ;-) Take an attacker that is able to
->> present Mary's cert and do a denial-of-service (easy, he doesn't have  the
->> key anyway...)
>

->Deny service to whom?  The only person who wouldn't get service is the
->attacker -- what a shame.                                               

Deny service to the recipient, of course. 

Yours,

Ed Gerck


______________________________________________________________________
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
http://novaware.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533

References:

Re: Subject signing redux (was: Re: Mary is Mary)

From: Marc Branchaud <marcnarc@xcert.com>

Prev by Date: Re: Subject signing redux (was: Re: Mary is Mary)
Next by Date: Re: Subject signing redux (was: Re: Mary is Mary)
Prev by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Next by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Index(es):
- Main
- Thread