Re: legal question about certs
> Unfortunately, the argument is circular. If you are concerned
> about a rogue CA issuing a certificate to someone who never
> heard of that CA, that CA could invent whatever public/private
> key pair they wished, and embed that key in the certificate
> they are issuing!

Yup -- this is an important point, and one I'd mentioned privately to
a few folks. Without a countersignature by an independent party,
you lose non-repudiation. That is, if a bank is the sole certifier
of the certificate nominally associated with my bank account, it's
much harder for them to prove to the judge that I made certain withdrawals.
After all, I could claim that that wasn't my certificate, but one they
concocted out of whole cloth.
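
The point made in this message, as an added example that is not part of the original post: a certificate over a key the customer generated and one over a key the issuer invented both pass the issuer-signature check, and only a countersignature from a party the issuer does not control tells them apart. Assumptions: Lamport one-time hash signatures stand in for a real certificate signature algorithm so the code needs only the Python standard library, the certificate is a simplified dict rather than X.509, and the names `notary`, `alice` and `scenario` are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; each key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def binding(subject, subject_pk):
    # The statement being certified: "this key belongs to this subject".
    return subject.encode() + b"|" + H(b"".join(h for p in subject_pk for h in p))

def issue(ca_sk, subject, subject_pk):
    return {"subject": subject, "pk": subject_pk,
            "ca_sig": sign(ca_sk, binding(subject, subject_pk))}

def check(cert, ca_pk, notary_pk):
    # Returns (issuer signature valid, independent countersignature valid).
    msg = binding(cert["subject"], cert["pk"])
    ca_ok = verify(ca_pk, msg, cert["ca_sig"])
    notary_ok = "notary_sig" in cert and verify(notary_pk, msg, cert["notary_sig"])
    return ca_ok, notary_ok

def scenario(bank_invents_key):
    bank_sk, bank_pk = keygen()
    notary_sk, notary_pk = keygen()
    # Constructed sample: the key pair comes from the customer, or from the bank.
    _, subject_pk = keygen()
    cert = issue(bank_sk, "alice", subject_pk)
    if not bank_invents_key:
        # The customer presented this key to the notary, who countersigned it.
        cert["notary_sig"] = sign(notary_sk, binding("alice", subject_pk))
    return check(cert, bank_pk, notary_pk)

if __name__ == "__main__":
    print(scenario(False), scenario(True))
```

The issuer signature verifies in both scenarios, so a relying party that checks nothing else sees no difference; only the second element of the result separates the two cases.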