[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: legal question about certs
"I'm not an attorney, but..."
This is precisely why, in the ABA Digital Signature Guidelines, and in the
statutes that several states have passed that follows those guidelines,
there is the requirement that the subscriber (subject) of a certificate
ACCEPT the certificate prior to it being valid. If the CA publishes a
certificate prior to the subject approving and accepting it, they are at
serious risk, and the subject can disavow any transaction that allegedly
signed with their key. You can consult the comments for further details.
That doesn't necessarily mean that the subject has to sign the certificate
to indicate acceptance, although that would seem to have some merit.
\Unfortunately, the argument is circular. If you are concerned about a
rogue CA issuing a certificate to someone who never heard of that CA, that
CA could invent whatever public/private key pair they wished, and embed that
key in the certificate they are issuing!
I realize that the argument is more convoluted than just issuing certs, but
this is certainly a danger that you have to watch out for. Although I'm not
sure that merely signing the certificate is sufficient because of the rogue
CA argument, without such a receipt there is going to have to be some much
more complex auditing and other functions provided.
Bob
Robert R. Jueneman
Security Architect
Novell, Inc.
Internet Infrastructure Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com
>>> Carl Ellison <cme@cybercash.com> 06/25/97 04:20PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Dave,
we have a gentle war brewing on the SPKI list.
The question is whether the subject of a certificate should sign it.
Normally, the issuer signs the cert -- giving some permission or access
rights
to the subject. The subject doesn't need to sign the cert to receive those
rights.
However, there is a theory that for each transfer of rights in one
direction,
there is a transfer of responsibility in the other direction. Therefore,
the
subject should sign the cert accepting the responsibility that goes along
with
the rights.
Ron Rivest argues that as cryptographers, all we care about is the rights
transfer...that the responsiblity transfer is the domain of lawyers.
For example, an attack is envisioned. Bad company, Acme, finds your public
key someplace from some legitimate cert of yours and generates a new cert
for
you, giving you access to their file system. Someone breaks into their file
system and does damage, wiping out the audit logs of who broke in. So, Acme
asks the age-old Perry Mason question: who had keys to that door? Your
cert
(even though you never saw it) is a key to that door. That makes you a
suspect. If for other reasons you might be even the most logical suspect,
then
you might make it to the top of the police list and get severely hassled.
If certs all had to be signed by their subjects as well as their issuers,
then
we avoid this attack.
So, since we're not lawyers -- the question we need answered is whether the
attack above is credible and whether we should bother having dual signed
certs
to protect against it. [Ie., require all certs to be dual signed -- not for
granting access, but for taking to court. The second signature doesn't have
to
be on the cert itself -- it could be on a receipt for a cert -- like the
note I
signed back when companies would issue me brass keys to the front door. The
cert verifier doesn't need to see the receipt. However, if standard
practice
is to get signed receipts for each cert issued, then the defense attny could
demand that Acme produce the receipt you signed for your key (cert) -- and
if
they can't, then claim that you never received the cert so you couldn't have
been the person breaking in and doing damage.]
Is this something we should worry about, in your opinion? Do you know
others
we should ask about this?
Thanks,
Carl
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv
iQCVAwUBM7GZmlQXJENzYr45AQHZLQP/QJCDzoltUnFmVnSe4fZqWGYhhsSCF0pk
PRamzNqKn4Gn3O2s8HvAGTV9U2GdnR2UCL9bIVYeAnZKimi4osOA+yuoBytKnUGy
CpAMvCO+XRO3oZfpPfKosdxs/IZYQSF/bYJVbvDbIkKQVgt9j3Z8OFeR2mUsxupq
uzIlwKjXsyY=
=xNDJ
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups: