Re: legal question about certs


At 07:21 PM 6/30/97 -0700, Bill Stewart wrote:
>The ABA Digital Signature Guidelines which Bob Jueneman references
>have a very strong presumption that the purpose of a key is to 
>identify that a specific named human being or business officer
>has seen the material being signed, and perhaps agrees with it in some way,
>and the certificate is to verify, to whatever degree of satisfaction
>the users of the CA system are paying for, that the holder of the key
>is really that specific being with that True Name, or that the being
>with that True Name holds that key.

I think I depart from the ABA thinking not on the nature of keys so much as 
the nature of names.

I am perfectly serious when I say that so-called "True Names" -- names from 
some global name space -- depart so far from the human names of Walton's 
Mountain (where they last made some real sense) that they might as well be 
random numbers (maybe with a common name inside).  To me, a public key is a 
superior random number with which to label a person -- to use as a name for 
the keyholder -- because it is tied mathematically to the corresponding 
private key and the human is tied to the private key through tamper 
resistance, physical protection of computers, knowledge of passwords, etc.  
Since neither the "True Name" nor the key means anything to me by itself, I 
have to track down the human in some other way (probably a cert: e.g., a SDSI 
name cert, a donation cert, a subpoena cert, ...) and all three of those are 
more meaningful and more secure than a "traditional" ID cert mapping from a 
global (X.500) name to a key.

 - Carl
