[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: legal question about certs

To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: legal question about certs
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 30 Jun 1997 23:51:53 -0400
Cc: Bob Jueneman <BJUENEMAN@novell.com>, szabo@best.com, Robert.Smart@mel.dit.csiro.au, spki@c2.net, banisar@epic.org
In-Reply-To: <3.0.2.32.19970630192156.00777100@popd.ix.netcom.com>
References: <s3b24139.008@novell.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 07:21 PM 6/30/97 -0700, Bill Stewart wrote:
>The ABA Digital Signature Guidelines which Bob Jueneman references
>have a very strong presumption that the purpose of a key is to 
>identify that a specific named human being or business officer
>has seen the material being signed, and perhaps agrees with it in some way,
>and the certificate is to verify, to whatever degree of satisfaction
>the users of the CA system are paying for, that the holder of the key
>is really that specific being with that True Name, or that the being
>with that True Name holds that key.

I think I depart from the ABA thinking not on the nature of keys so much as 
the nature of names.

I am perfectly serious when I say that so-called "True Names" -- names from 
some global name space -- depart so far from the human names of Walton's 
Mountain (where they last made some real sense) that they might as well be 
random numbers (maybe with a common name inside).  To me, a public key is a 
superior random number with which to label a person -- to use as a name for 
the keyholder -- because it is tied mathematically to the corresponding 
private key and the human is tied to the private key through tamper 
resistance, physical protection of computers, knowledge of passwords, etc.  
Since neither the "True Name" nor the key means anything to me by itself, I 
have to track down the human in some other way (probably a cert: e.g., a SDSI 
name cert, a donation cert, a subpoena cert, ...) and all three of those are 
more meaningful and more secure than a "traditional" ID cert mapping from a 
global (X.500) name to a key.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBM7h+2FQXJENzYr45AQENHAQAicPITOVzrJITjokrfTE0ARvEMKjZxXIt
SY8oGczb9e/e2OhwL9A4wWHGNaes6Aw+3TOTtZKKL75UHxUjQruTcDYdMcj6oJFR
LFUwdKIPg9H1WX5ghKHWIYeDC1fdOehxBw5TqrJh7BuBGqEiIZ2FwdVyKdiiUVP3
rqP29y+6GYQ=
=nrg5
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: legal question about certs

From: Nick Szabo <szabo@best.com>

References:

Re: legal question about certs

From: Bill Stewart <stewarts@ix.netcom.com>

Prev by Date: Re: legal question about certs
Next by Date: P.S. Re: legal question about certs
Prev by thread: Re: legal question about certs
Next by thread: Re: legal question about certs
Index(es):
- Main
- Thread