[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Subject signing redux (was: Re: Mary is Mary)

To: dpkemp@missi.ncsc.mil, spki@c2.net
Subject: Re: Subject signing redux (was: Re: Mary is Mary)
From: cme@cybercash.com (Carl Ellison)
Date: Wed, 2 Jul 97 18:47:13 EDT
Sender: owner-spki@c2.net

>From: dpkemp@missi.ncsc.mil (David P. Kemp)
>To: spki@c2.net
>Subject: Re: Subject signing redux (was: Re: Mary is Mary)
>
>
>When the subpoena request comes in to Jon, asking him to produce the
>body to whom he issued the cert, he can still lie and claim that Mary
>has a key that she never had.  Requiring keyholders to sign certs does
>not protect keyholders from being framed by dishonest issuers.
>

Yes, you're correct.  If you have a subpoena cert, then the process
serving company had better be honest.  So -- there's still a reason
for bonding, insurance -- maybe even government intervention (although
I'm not sure I'd trust the gov't over an established company in 
the private sector.

 - Carl

Prev by Date: server-signed certificates, My confusion regarding
Next by Date: Re: legal question about certs
Prev by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Next by thread: Re: legal question about certs
Index(es):
- Main
- Thread