
legal question about certs



	we have a gentle war brewing on the SPKI list.

	The question is whether the subject of a certificate should sign it.  
Normally, the issuer signs the cert -- giving some permission or access rights 
to the subject.  The subject doesn't need to sign the cert to receive those 

	However, there is a theory that for each transfer of rights in one direction, 
there is a transfer of responsibility in the other direction.  Therefore, the 
subject should sign the cert accepting the responsibility that goes along with 
the rights.

	Ron Rivest argues that as cryptographers, all we care about is the rights 
transfer...that the responsibility transfer is the domain of lawyers.

	For example, an attack is envisioned.  Bad company, Acme, finds your public 
key someplace from some legitimate cert of yours and generates a new cert for 
you, giving you access to their file system.  Someone breaks into their file 
system and does damage, wiping out the audit logs of who broke in.  So, Acme 
asks the age-old Perry Mason question:  who had keys to that door?  Your cert 
(even though you never saw it) is a key to that door.  That makes you a 
suspect.  If for other reasons you might be even the most logical suspect, then 
you might make it to the top of the police list and get severely hassled.

	If certs all had to be signed by their subjects as well as their issuers, then 
we avoid this attack.

	So, since we're not lawyers -- the question we need answered is whether the 
attack above is credible and whether we should bother having dual signed certs 
to protect against it.  [I.e., require all certs to be dual signed -- not for 
granting access, but for taking to court.  The second signature doesn't have to 
be on the cert itself -- it could be on a receipt for a cert -- like the note I 
signed back when companies would issue me brass keys to the front door.  The 
cert verifier doesn't need to see the receipt.  However, if standard practice 
is to get signed receipts for each cert issued, then the defense attorney could 
demand that Acme produce the receipt you signed for your key (cert) -- and if 
they can't, then claim that you never received the cert so you couldn't have 
been the person breaking in and doing damage.]

	Is this something we should worry about, in your opinion?  Do you know others 
we should ask about this?





|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
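The dual-signature arrangement sketched in the message, as an added example that is not part of the original post and not SPKI's actual format or Ellison's code: an issuer-signed cert carrying (issuer, subject, tag), plus a detached receipt that the subject signs over the hash of the exact cert it received. The access-control verifier checks only the issuer's signature; the receipt exists for the auditor. The scenario function plays out the Acme attack from the post: a cert minted for a key Acme found elsewhere passes the access check, but no receipt exists and Acme cannot forge one, because the receipt must be signed by the subject key. Ed25519, the length-prefixed field encoding, the domain-separation strings and the tag text are all assumptions chosen for this demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Cert is a minimal issuer-signed authorization certificate: who issued it, which
// key it grants rights to, and what those rights (the "tag") are.  The encoding is
// invented for this example, not SPKI's S-expression format.
type Cert struct {
	Issuer    ed25519.PublicKey
	Subject   ed25519.PublicKey
	Tag       string // the right being granted, e.g. "rwx /acme/fs" (assumed wording)
	IssuerSig []byte
}

// Receipt is the subject's acknowledgement of one specific cert.  The issuer keeps
// it; the access verifier never needs to see it.
type Receipt struct {
	CertHash   [32]byte
	SubjectSig []byte
}

// tbs builds the canonical to-be-signed bytes.  Every field is length-prefixed so a
// crafted tag cannot shift field boundaries and make two different certs sign alike.
func tbs(c *Cert) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{[]byte("demo-cert-v1"), c.Issuer, c.Subject, []byte(c.Tag)} {
		binary.Write(&buf, binary.BigEndian, uint32(len(f)))
		buf.Write(f)
	}
	return buf.Bytes()
}

// IssueCert is the issuer's side: only the issuer's key is needed to mint a cert
// for any public key it happens to know.
func IssueCert(issuerPriv ed25519.PrivateKey, subject ed25519.PublicKey, tag string) *Cert {
	c := &Cert{Issuer: issuerPriv.Public().(ed25519.PublicKey), Subject: subject, Tag: tag}
	c.IssuerSig = ed25519.Sign(issuerPriv, tbs(c))
	return c
}

// VerifyCert is the access-control check: it looks at the issuer signature only.
func VerifyCert(c *Cert) bool {
	return ed25519.Verify(c.Issuer, tbs(c), c.IssuerSig)
}

// certHash binds a receipt to the signed cert as issued (fields plus issuer signature).
func certHash(c *Cert) [32]byte {
	return sha256.Sum256(append(tbs(c), c.IssuerSig...))
}

func receiptMsg(h [32]byte) []byte {
	return append([]byte("demo-receipt-v1"), h[:]...)
}

// SignReceipt is the subject's side: it signs the hash of the cert it actually received.
func SignReceipt(subjectPriv ed25519.PrivateKey, c *Cert) *Receipt {
	h := certHash(c)
	return &Receipt{CertHash: h, SubjectSig: ed25519.Sign(subjectPriv, receiptMsg(h))}
}

// VerifyReceipt is the auditor's check.  The signature must verify under the
// *subject* key named in the cert, so the issuer cannot manufacture a receipt.
func VerifyReceipt(c *Cert, r *Receipt) bool {
	if r == nil || r.CertHash != certHash(c) {
		return false
	}
	return ed25519.Verify(c.Subject, receiptMsg(r.CertHash), r.SubjectSig)
}

// ScenarioResult records the outcome of the Acme attack from the message.
type ScenarioResult struct{ CertValid, GenuineReceiptOK, MissingReceiptOK, ForgedReceiptOK bool }

// AcmeScenario: Acme issues a cert to a key it found in some other cert of the
// victim's.  The cert is valid for access, but no receipt exists and Acme cannot
// forge one, so the "who had keys to that door" question has a documented answer.
func AcmeScenario() (ScenarioResult, error) {
	var res ScenarioResult
	_, acmePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	victimPub, victimPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return res, err
	}
	cert := IssueCert(acmePriv, victimPub, "rwx /acme/fs")
	res.CertValid = VerifyCert(cert)                                         // access verifier accepts it
	res.GenuineReceiptOK = VerifyReceipt(cert, SignReceipt(victimPriv, cert)) // only if the victim really signed
	res.MissingReceiptOK = VerifyReceipt(cert, nil)                           // Acme has no receipt to produce
	res.ForgedReceiptOK = VerifyReceipt(cert, SignReceipt(acmePriv, cert))    // Acme's key is not the subject's
	return res, nil
}

func main() {
	res, err := AcmeScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("cert valid for access: %v\n", res.CertValid)
	fmt.Printf("genuine receipt verifies: %v, missing: %v, forged by issuer: %v\n",
		res.GenuineReceiptOK, res.MissingReceiptOK, res.ForgedReceiptOK)
}
```

Note that the receipt hashes the cert as issued, including the issuer signature, so a receipt cannot be reused for a re-issued cert with a broader tag; and because `VerifyCert` never touches the receipt, the access path is unchanged, which is the property the message asks for.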