Re: legal question about certs
At 07:21 PM 6/30/97 -0700, Bill Stewart wrote:
>The ABA Digital Signature Guidelines which Bob Jueneman references
>have a very strong presumption that the purpose of a key is to
>identify that a specific named human being or business officer
>has seen the material being signed, and perhaps agrees with it in some way,
>and the certificate is to verify, to whatever degree of satisfaction
>the users of the CA system are paying for, that the holder of the key
>is really that specific being with that True Name, or that the being
>with that True Name holds that key.

I think I depart from the ABA thinking not on the nature of keys so much as
the nature of names.

I am perfectly serious when I say that so-called "True Names" -- names from
some global name space -- depart so far from the human names of Walton's
Mountain (where they last made some real sense) that they might as well be
random numbers (maybe with a common name inside). To me, a public key is a
superior random number with which to label a person -- to use as a name for
the keyholder -- because it is tied mathematically to the corresponding
private key and the human is tied to the private key through tamper
resistance, physical protection of computers, knowledge of passwords, etc.

Since neither the "True Name" nor the key means anything to me by itself, I
have to track down the human in some other way (probably a cert: e.g., a SDSI
name cert, a donation cert, a subpoena cert, ...) and all three of those are
more meaningful and more secure than a "traditional" ID cert mapping from a
global (X.500) name to a key.