[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Subject signing redux (was: Re: Mary is Mary)

To: dpkemp@missi.ncsc.mil (David P. Kemp)
Subject: Re: Subject signing redux (was: Re: Mary is Mary)
From: Carl Ellison <cme@cybercash.com>
Date: Fri, 27 Jun 1997 19:38:16 -0400
Cc: spki@c2.net
In-Reply-To: <199706271424.KAA04919@argon.ncsc.mil>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 10:24 AM 6/27/97 -0400, David P. Kemp wrote:
>> 2. The attack: 
>> 
>> The attack is "framing Mary".
>>   [...]

>In the entire following discussion, I have not seen any technical arguments
>to support the notion that there is an engineering solution to the framing
>attack.  In particular, there has been no response to the points raised
>by Jim McCoy and Steve Bellovin:
>
>> From: Steven Bellovin <smb@research.att.com>
>>
>> After all, I could claim that that wasn't my certificate, but one they
>> concocted out of whole cloth.
>
>
>Please explain, in the simplest possible terms, how subject-signed
>certificates prevent the "framing Mary" attack.
>
>Assume:
>
>  1) Jon wants to frame Mary. He issues a cert to his accomplice Mallet:
>
>     Mallet's sig [
>       Jon's sig { Subject=Mary, PubKey=1234, Auth="I am a lawyer" }
>     ]
>
>
>  2) Mallet uses the cert to conduct a legal transaction in Mary's name.
>
>  3) Steve McGarret confronts Mary: "You've been practicing law without
>     a license"
>
>  4) Mary says: "But I don't have the private key to that cert.  Honest.
>     I *swear*."
>
>  5) McGarret:  "Book her, Danno."
>
>Explain:
>
>  How subject-signing allows Mary to *prove* that her name was used
>  without her authorization.

David,

	I fear you've fallen into the trap of believing the X.509 thinking.  We never 
claimed to tie something to Mary through her name.  No one can hope to convince 
anyone that Mary is involved merely because there is a cert with SDSI name Mary 
tied to some key, which key is then tied to something bad.  A principal in 
SPKI/SDSI is a key.  The holder of the private key is the person we care about 
by definition.  We don't often know any name for that person, other than 
(keyholder (K)).  If the private key has signed a receipt for a cert, then in 
fact the indicated person (namely "(keyholder (K))") has accepted the cert.

	If you also want to map from (K) to (keyholder (K)) -- ie., from the key space 
to the person in 3D space, you need one of those other certificates (e.g., a 
donation cert or a subpoena cert) I was talking about before this all started.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBM7RO51QXJENzYr45AQE1ggP7Bx0aVGciSOvM13D26OQX+f8AuYc0ZnHO
jKpN5An6aKJO6D6fXcbhpMnK2/X1XTeoVEqk0Z06kTHBW9vqGLH+XMR2DvJYBflY
bva/vKfMfZw+Q5IATfXF7QrGvGsut7yI3w+DZwMTmGKdoKsBFHnkrW6Mn70gBURf
uIdTnJndD3I=
=3+1Y
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Re: Subject signing redux (was: Re: Mary is Mary)

From: dpkemp@missi.ncsc.mil (David P. Kemp)

Prev by Date: Re: Top SDSI issues
Next by Date: Re: Top SDSI issues
Prev by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Next by thread: Re: definition of cert - trust in SPKI certs
Index(es):
- Main
- Thread