Re: legal question about certs

[Bob Jueneman <BJUENEMAN@novell.com>]

"I'm not an attorney, but..."

This is precisely why, in the ABA Digital Signature Guidelines, and in the
statutes that several states have passed that follows those guidelines,
there is the requirement that the subscriber (subject) of a certificate
ACCEPT the certificate prior to it being valid.  If the CA publishes a
certificate prior to the subject approving and accepting it, they are at
serious risk, and the subject can disavow any transaction that allegedly
signed with their key. You can consult the comments for further details.

That doesn't necessarily mean that the subject has to sign the certificate
to indicate acceptance, although that would seem to have some merit.

\Unfortunately, the argument is circular.  If you are concerned about a
rogue CA issuing a certificate to someone who never heard of that CA, that
CA could invent whatever public/private key pair they wished, and embed that
key in the certificate they are issuing!

I realize that the argument is more convoluted than just issuing certs, but
this is certainly a danger that you have to watch out for.  Although I'm not
sure that merely signing the certificate is sufficient because of the rogue
CA argument, without such a receipt there is going to have to be some much
more complex auditing and other functions provided.

Bob


Robert R. Jueneman
Security Architect
Novell, Inc.
Internet Infrastructure Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com


>>> Carl Ellison <cme@cybercash.com> 06/25/97 04:20PM >>>
-----BEGIN PGP SIGNED MESSAGE-----

Dave,

 we have a gentle war brewing on the SPKI list.

 The question is whether the subject of a certificate should sign it.  
Normally, the issuer signs the cert -- giving some permission or access
rights 
to the subject.  The subject doesn't need to sign the cert to receive those 
rights.

 However, there is a theory that for each transfer of rights in one
direction, 
there is a transfer of responsibility in the other direction.  Therefore,
the 
subject should sign the cert accepting the responsibility that goes along
with 
the rights.

 Ron Rivest argues that as cryptographers, all we care about is the rights 
transfer...that the responsiblity transfer is the domain of lawyers.

 For example, an attack is envisioned.  Bad company, Acme, finds your public

key someplace from some legitimate cert of yours and generates a new cert
for 
you, giving you access to their file system.  Someone breaks into their file

system and does damage, wiping out the audit logs of who broke in.  So, Acme

asks the age-old Perry Mason question:  who had keys to that door?  Your
cert 
(even though you never saw it) is a key to that door.  That makes you a 
suspect.  If for other reasons you might be even the most logical suspect,
then 
you might make it to the top of the police list and get severely hassled.

 If certs all had to be signed by their subjects as well as their issuers,
then 
we avoid this attack.

 So, since we're not lawyers -- the question we need answered is whether the

attack above is credible and whether we should bother having dual signed
certs 
to protect against it.  [Ie., require all certs to be dual signed -- not for

granting access, but for taking to court.  The second signature doesn't have
to 
be on the cert itself -- it could be on a receipt for a cert -- like the
note I 
signed back when companies would issue me brass keys to the front door.  The

cert verifier doesn't need to see the receipt.  However, if standard
practice 
is to get signed receipts for each cert issued, then the defense attny could

demand that Acme produce the receipt you signed for your key (cert) -- and
if 
they can't, then claim that you never received the cert so you couldn't have

been the person breaking in and doing damage.]

 Is this something we should worry about, in your opinion?  Do you know
others 
we should ask about this?

Thanks,

 Carl

-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

iQCVAwUBM7GZmlQXJENzYr45AQHZLQP/QJCDzoltUnFmVnSe4fZqWGYhhsSCF0pk
PRamzNqKn4Gn3O2s8HvAGTV9U2GdnR2UCL9bIVYeAnZKimi4osOA+yuoBytKnUGy
CpAMvCO+XRO3oZfpPfKosdxs/IZYQSF/bYJVbvDbIkKQVgt9j3Z8OFeR2mUsxupq
uzIlwKjXsyY=
=xNDJ
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

---

Follow-Ups:

• Re: legal question about certs
• From: Carl Ellison <cme@cybercash.com>

---

• Prev by Date: legal question about certs
• Next by Date: Re: legal question about certs
• Prev by thread: Re: legal question about certs
• Next by thread: Re: legal question about certs
• Index(es):
  • Main
  • Thread