Re: legal question about certs

	 Unfortunately, the argument is circular.  If you are concerned
	 about a rogue CA issuing a certificate to someone who never
	 heard of that CA, that CA could invent whatever public/private
	 key pair they wished, and embed that key in the certificate
	 they are issuing!

Yup -- this is an important point, and one I'd mentioned privately to
a few folks.  Without a countersignature by an independent party,
you lose non-repudiation.  That is, if a bank is the sole certifier
of the certificate nominally associated with my bank account, it's
much harder for them to prove to the judge that I made certain withdrawals.
After all, I could claim that that wasn't my certificate, but one they
concocted out of whole cloth.
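The argument above, as an added worked example that is not part of the original post: a bank acting as the sole certifier mints a key pair in the customer's name, certifies it, and signs the withdrawal itself; the resulting evidence passes every check a judge could run against the bank's own root, exactly as honest evidence would. Only a countersignature over the certificate by an independent party (called a notary here; the name, the textbook-RSA toy signature scheme, the `alice` account and the withdrawal record are all constructed for the demonstration) lets the two cases be told apart, because the bank does not hold the notary's private key.

```python
import hashlib
import json
import math
import random

# Toy textbook RSA over 64-bit primes, stdlib only. It exists to make the
# non-repudiation argument concrete; it is not a usable signature scheme.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin below 3.3e24


def _is_probable_prime(n):
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(rng, bits=64):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand


def make_keypair(rng, e=65537):
    """Return (public, private) textbook-RSA keys from a seeded RNG."""
    while True:
        p, q = _random_prime(rng), _random_prime(rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}


def _digest(obj, n):
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, obj):
    return pow(_digest(obj, priv["n"]), priv["d"], priv["n"])


def verify(pub, obj, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(obj, pub["n"])


def issue_cert(ca_priv, subject, subject_pub):
    body = {"subject": subject, "pub": subject_pub, "issuer": "bank"}
    return {"body": body, "ca_sig": sign(ca_priv, body)}


def evidence_checks_out(bank_pub, cert, withdrawal, sig):
    """Everything a judge can verify when the bank is the only certifier."""
    return (verify(bank_pub, cert["body"], cert["ca_sig"])
            and verify(cert["body"]["pub"], withdrawal, sig))


def evidence_checks_out_with_countersig(bank_pub, notary_pub, cert, withdrawal, sig):
    """Same check, plus: an independent notary must have countersigned this exact certificate."""
    countersig = cert.get("notary_sig")
    return (countersig is not None
            and verify(notary_pub, cert["body"], countersig)
            and evidence_checks_out(bank_pub, cert, withdrawal, sig))


def scenario():
    rng = random.Random(2024)  # fixed seed so the run is reproducible
    bank_pub, bank_priv = make_keypair(rng)
    notary_pub, notary_priv = make_keypair(rng)
    withdrawal = {"account": "alice", "amount": 500}  # constructed sample record

    # Honest path: Alice generates her own key, the bank certifies it, and the
    # independent notary countersigns the certificate it witnessed at enrollment.
    alice_pub, alice_priv = make_keypair(rng)
    honest_cert = issue_cert(bank_priv, "alice", alice_pub)
    honest_cert["notary_sig"] = sign(notary_priv, honest_cert["body"])
    honest = (honest_cert, withdrawal, sign(alice_priv, withdrawal))

    # Rogue path: the bank invents a key pair "for Alice", certifies it under
    # its own root, and signs the withdrawal with the key it just invented.
    fake_pub, fake_priv = make_keypair(rng)
    forged_cert = issue_cert(bank_priv, "alice", fake_pub)
    forged = (forged_cert, withdrawal, sign(fake_priv, withdrawal))

    return {
        # Sole certifier: honest and forged evidence are indistinguishable.
        "sole_ca": (evidence_checks_out(bank_pub, *honest),
                    evidence_checks_out(bank_pub, *forged)),
        # Independent countersignature: the forged certificate fails.
        "countersigned": (evidence_checks_out_with_countersig(bank_pub, notary_pub, *honest),
                          evidence_checks_out_with_countersig(bank_pub, notary_pub, *forged)),
    }


if __name__ == "__main__":
    print(scenario())
```

`scenario()` returns `{"sole_ca": (True, True), "countersigned": (True, False)}`: with the bank as sole certifier both pieces of evidence verify, so the judge learns nothing about who held the key; with the notary's countersignature required, only the certificate the notary actually witnessed survives. The countersignature is only as good as the notary's enrollment procedure, since a notary that signs whatever certificate the bank forwards, without confirming that the named customer controls the key, adds nothing.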