Re: legal question about certs

> At 05:39 PM 6/25/97 -0600, Bob Jueneman wrote:
> >Unfortunately, the argument is circular.  If you are concerned about a
> >rogue CA issuing a certificate to someone who never heard of that CA, that
> >CA could invent whatever public/private key pair they wished, and embed that
> >key in the certificate they are issuing!
> Aha!  Another reason not to have identity certs.  With pure SPKI certs, 
> there is no identity other than the key, so a CA can't invent a key pair and 
> attach it to anyone.  With SDSI, there is no identity of meaning to anyone 
> other than the CA, so the same applies.

The major assumption which no one has challenged until now, and you,
Carl, have done it somewhat obliquely, is that an identity cert binds a
key to a person.  This is absolutely not true, as the draft points
out.  The laws of mathematics bind a key to a person; the identity cert
binds the key to a name which may or may not be the person you think it
is.  The matter in question is not whether the key belongs to the name,
but whether the name belongs to the person.  The issuer must show that
the legal entity unambiguously named in the certificate possessed the
key, not that the keyholder approved of the certificate issuance.  My
strong feeling about this is that presentation of a certificate, and
use of the privileges thereby granted, constitutes acceptance of it.

Ed Gerck's example does not illustrate his point but the opposite.  If
I did not sign the certificate granting me access to the damaged site,
there is no reason whatever to suppose that I had anything to do with
the intrusion.  My signature on the cert would give more reason to
suspect me, but even so, someone would have to prove that I alone
possessed the private key, which would require (at minimum) evidence
that I had used it - which evidence could not be gathered without my
cooperation at some point.  This does nothing more than highlight the
extreme responsibility of anyone issuing identity certs, and the
extreme caution one must take in relying on them.

To summarize, then, my signature on a certificate does not protect me;
it only protects the issuer from liability for statements signed by my
key, and then only in the presence of acceptable evidence that I (the
legal, prosecutable, physical I) had exclusive possession of the
associated private key.  Rules of evidence must be carefully crafted
for this, in light of technological realities;  I don't envy those in
this position.


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162