
Re: legal question about certs
Brian M. Thomas wrote:
> -> Ed Gerck's example does not illustrate his point but the opposite.  If
> -> I did not sign the certificate granting me access to the damaged site,
> -> there is no reason whatever to suppose that I had anything to do with
> -> the intrusion.  

Ed Gerck:
> That's exactly my point. You are not liable if you don't sign.

Such a stark binary conclusion is unwarranted.  Evidence can have 
greater or lesser weight, and must be judged in context.  If the 
issuer is highly reputable, and signed a certificate containing your 
name and a key, that might be weighted quite highly as evidence.
If the issuer is of ill repute and was capable of forging
an identity certificate as well as the particular authorization
certificate, a self-signed certificate might have lesser weight.  
As Brian pointed out, your self-signed certificate or the
private identity key itself might have been stolen, in which
case it may add little weight to the evidence.

Surrounding messages (requests for certificates and their
fulfillment, signed receipts, etc.) also provide evidence.
Each of these pieces of evidence is judged in context of the others.
No single piece is conclusive.

As long as cryptographic protocols "ground out" in weak assumptions
(trusted third parties, sole keyholders, etc.) there is no such 
thing as strong cryptographic evidence, only strong cryptographic
transformations that must be interpreted in weak contextual ways.

Brian Thomas:
> ...This does nothing more than highlight the
> extreme responsibility of anyone issuing identity certs, and the
> extreme caution one must take in relying on them.

Here we are in total agreement.  A good rule of thumb may be,
don't expose more than what the certificate authority(s)
and naming authority(s) are willing to be liable for.

Brian Thomas:
> ...the presence of acceptable evidence that I (the
> legal, prosecutable, physical I) had exclusive possession of the
> associated private key. 

This problem has always been assumed away in PKI architectures.
It would be very interesting to see it tackled.  The only
(nearly) strong mechanisms I can imagine at the moment are invasive:
e.g., an audit log with cumulative published hashes for everything
you do with the key, with the log revealed upon dispute.
Biometrics may help quite a bit here as well.

Otherwise, it's back to fuzzy issues such as, what (dis-)incentive
did you have to give out your key, what incentive did others
have to steal or fraudulently issue it, how difficult would it be to 
steal, and so on.

Brian Thomas:
> Rules of evidence must be carefully crafted
> for this, in light of technological realities;  I don't envy those in
> this position.

Total agreement again.


Nick Szabo
szabo@best.com
http://www.best.com/~szabo/
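The "audit log with cumulative published hashes" mentioned above (everything done with the key is logged, a running hash is published, and the log itself is revealed only on dispute) can be sketched concretely. The following is an added example, not code from this thread or from any of its participants; the SHA-256 chain, the all-zero genesis value, the JSON entry layout and the sample key-use events are all my own constructed choices.

```python
import hashlib
import json

# Constructed example: a hash-chained log of key-use events. After each entry
# the keyholder may publish the current head (cumulative hash). Later, the
# full log can be disclosed and checked against what was published: any
# alteration, deletion or back-dated insertion before a published head
# changes that head and is detected.

GENESIS = b"\x00" * 32  # arbitrary fixed starting value for the chain


def entry_hash(prev_hash: bytes, entry: dict) -> bytes:
    """Cumulative hash: SHA-256(prev_hash || canonical JSON of the entry)."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash + canonical).digest()


class KeyUseLog:
    """Append-only record of what a private key was used for."""

    def __init__(self):
        self.entries = []
        # heads[i] is the cumulative hash after i entries; heads[0] is GENESIS
        self.heads = [GENESIS]

    def record(self, operation: str, data_digest_hex: str) -> str:
        """Log one key use and return the new head (what would be published)."""
        entry = {"seq": len(self.entries), "op": operation, "digest": data_digest_hex}
        self.entries.append(entry)
        self.heads.append(entry_hash(self.heads[-1], entry))
        return self.heads[-1].hex()

    def head(self) -> str:
        return self.heads[-1].hex()


def verify_log(entries, published_head_hex: str) -> bool:
    """Recompute the chain from GENESIS and compare with a published head.

    Returns True only if the disclosed entries, in order and without gaps,
    reproduce exactly the head that was published.
    """
    h = GENESIS
    for expected_seq, entry in enumerate(entries):
        if entry.get("seq") != expected_seq:  # gap or reordering
            return False
        h = entry_hash(h, entry)
    return h.hex() == published_head_hex


def build_demo_log() -> KeyUseLog:
    """Constructed sample: three key uses, head publishable after each."""
    log = KeyUseLog()
    for op, payload in [
        ("sign", b"certificate request: example-user"),
        ("sign", b"authorization grant: read-only"),
        ("decrypt", b"session key blob"),
    ]:
        log.record(op, hashlib.sha256(payload).hexdigest())
    return log


def altered(entries, index: int, **changes):
    """Copy of the log with one entry modified (simulates after-the-fact tampering)."""
    copied = [dict(e) for e in entries]
    copied[index].update(changes)
    return copied


if __name__ == "__main__":
    log = build_demo_log()
    print("published head:", log.head())
    print("intact log verifies:", verify_log(log.entries, log.head()))
    print("tampered log verifies:", verify_log(altered(log.entries, 1, op="decrypt"), log.head()))
```

The point the example makes is the one Nick raises: the log only helps if the heads were actually published (or otherwise committed) before the dispute, since a keyholder who controls both the log and the publication can rewrite either at will. The verifier therefore checks a disclosed prefix against whichever head was committed at that time, and any entry omitted, edited or inserted before that point fails the check.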
