
Reasonableness



>
>('twas 'bout time to change the subject...)

I agree that it's about time to change, or perhaps drop, the subject, but I'll give it one
more shot.
>
>On Wed, 1 Jul 1998, Bob Jueneman wrote:
>
>>And my point was that Utah law in particular does NOT force you to accept any 
>>unintended consequences, and neither does the VeriSign CPS.  If you don't want 
>>to take that risk and/or share in the reward, buy a lower quality certificate, which will
>>have the effect of changing the level of commercial reasonableness that the 
>>relying party has to prove.
>
>
>Bob:
>
>Perhaps there was a slip in your text above, since there is
>absolutely no relationship between: 
>
>(a) Bob's certificate quality that Bob pays for, as a CA subscriber,
>and which binds Bob's key and purported name, with
>
>(b) the commercial reasonableness that the relying party Alice (ie, a
>certificate user -- Bob's client) has to prove.

I beg to differ.

I think that it should be obvious that a $10 certificate cannot possibly entail
a very extensive amount of due diligence investigation on the part of the CA,
assuming they are not a charitable institution.

Maybe, hopefully, this lowest bidder CA still does a reasonably competent
job of binding the key to the attributes contained in the certificate, but then again
maybe not.  But it should be crystal clear that you aren't getting the type of 
in-depth investigation that a New York bond lawyer does before he certifies a 
bond as marketable.

So as a relying party, if I see a certificate class that is around 1 or 2 on a scale of 
0 to 255, I cannot "commercially reasonably" decide that this is good and sufficient 
evidence for me to sell him an oil tanker or the Chrysler Building, with nothing but 
a digitally signed promise to pay.  Even if I can repossess the building if the sale goes
bad.
>
>
>I must also question the reasonableness of the initial argument as a
>whole. Can legislation really make digital signatures binding and
>incapable of repudiation over the Internet? I doubt so, and on
>several counts as given below:

Yes, they can, by fiat, just as the UCC makes some similar 
assertions with respect to holographically signed documents.  Or 
at least more accurately, they can give such documents the status 
of a rebuttable presumption, and then establish the 
criteria and who has the burden of proof for rebutting it.  
This is explicitly provided for in the UCC for certain kinds of 
holder-in-due-course financial instruments, so
that each person in the chain does not have to reexamine 
the entire provenance of the signature chain. If the transaction 
goes bad, you have the right to recover against
the person who last signed the document, if it wasn't valid.  
He is then stuck, and he can go back against the next to the last signer, etc.
>
>- please see Munden's case in UK and then answer how do you intend to
>prove that a given digital signature was really made by the purported
>signer *and* with the purported intent?

The Munden case isn't settled law, and certainly isn't applicable outside of 
jurisdiction. Some of the points made are valid, but there was a judge 
(in Louisiana?) who threw out a case of a faxed signature, claiming that
the "blips and bleeps" of a fax machine didn't constitute a writing.
Yet I'd be willing to bet that the very same judge would have been happy
to have accepted a Xerox copy of a document, even though the only essential
technical difference between the two machines is the length of the wire.
But this is why judges shouldn't be put in the position of having to decide 
such cases in the absence of statutory authority and guidance, representing 
public policy.
 
In any case, facts are facts, and may have nothing to do with the internal evidence 
within the machine. Maybe someone witnessed someone signing the 
document, or maybe even the alleged signer actually confessed. Those
are proof issues.  Certainly it would be easier to win the case if you could show
that the signature process was running on an A1 machine with FIPS-140-1 
level 4 crypto hardware, and that the keys were protected by some biometric 
authenticated device, and that the certificates in the chain were still valid.
Slam dunk in that case, but that isn't a requirement for proof.  
At least under common law, all you have to do is convince 12 (or sometimes 
fewer) jurors that the preponderance (51%) of the evidence favors the 
fact that X signed the document, and that may 
very well include circumstantial evidence.

Even if the Munden case were applicable as settled case law, that would 
only be establishing the hurdles. It still wouldn't be impossible to overcome them,
at least presumably not, even though the hurdles may have been set high.
>
>- and, if the law recognises a digital signature as a signature, then
>the law must also release the signer from his obligations in the same
>cases as the law now releases the signer -- signature under the
>threat of unlawful force being just one example. How do you intend to
>prove that the signer was not forced to click "submit", on the other
>side of the line? 

One excellent reason for using notarization/witnessing functions that 
have nothing to do with authenticating the identity of the user, but instead
testifying as to the absence of apparent compulsion, mental incapacity,
excessive drooling, etc. Single dumb PCs that don't videotape and sound 
record the transaction may not be sufficient for high-value transactions.

>
>- further, as in the UK, certainly for cheques and probably for other
>documents, a forgery is not binding on the person whose signature is
>forged -- notwithstanding the reasonableness of the forgery. Thus,
>how do you intend to make grandma forfeit her house just because her
>password was stolen by an ActiveX control and her digital signature
>was forged? Don't hackers also get into Pentagon computers? Why
>should the law think that grandma's computer ought to be more secure
>than the Pentagon's? 

It shouldn't, and I claim that well-written statutes don't.  Sloppy law is 
sloppy law.  Grandma certainly shouldn't have to forfeit her house, 
especially once she repudiates the rebuttable presumption.

There are really three separate issues here:

1.  Under what circumstances should a digital signature be rebuttably
presumed to be valid?

2. If the alleged FACT of the signature is rebutted or disputed, who should have 
the burden of proof or disproof of that fact -- the signer, the relying party, or
god forbid, the CA?  Who is in the best position to know the facts? (Hint: the signer).

3.  Once the issue of the FACT of the signature is settled, and it is proved 
adequately that the digital signature was affixed by a person or persons 
unknown, but NOT by the subscriber of the certificate, who bears what 
portion of the loss? (The guy who really did sign it, but only if you can identify and
then catch him.)

Note that at present if you can prove that you did not sign a check,
and that the signature was not affixed (using a rubber stamp, for example)
that you did not take reasonable and adequate care to protect, generally you
are not liable, even though you left your checkbook (but not your Chinese chop)
lying around.

In that case, it is the person who accepted the check who bears the loss.  
Is that fair? Sometimes, sometimes not, depending on the circumstances.
But who said life was fair?  :-)

>
>- who warrants what to whom? In spite of CA folklore, a CA warrants
>nothing to a relying-party (one end of the deal) and nothing besides
>its own faults to the subscriber (the other end of the deal). 

I'm not sure that I would go that far.  Understandably, the CA is motivated
to avoid warranting anything to the relying party, to reduce their liability.
But in doing so, they may also be limiting their business, for obviously 
the only reason for the subscriber to purchase the certificate is with the 
expectation that someone will rely on it. If the relying party can't rely on 
the CA, the certificate is worthless, and hence the subscriber will want
his money back.

I keep saying that the relationship between the CA and the relying party
is not necessarily a case of contractual privity (although there are some who 
might claim that privity may exist, especially if CRLs are checked.)  Instead, 
I believe the case is a lot closer to product liability law, which most corporate
attorneys (of software companies, at least) are not as familiar as the people 
who make guns, lawn mowers, airplanes, etc., might be. (Of course the fact
that I said so is worth a down payment on a cup of coffee, as IANAL.)


>Here, SPKI with a null CPS and null liability is exactly equivalent
>to Verisign's CPS if you think about the relying-party and even the
>subscriber. Isn't it better then ... to favor truth in advertising
>and forget about legislating over unprovable assumptions??

I disagree that the cases are the same, by a long shot, as I do not accept the
argument that the VeriSign CPS is worthless, or successfully disclaims
all liability. They can't disclaim liability in the case of negligence, for example.
They might try, as software vendors often argue the validity of shrink-wrapped
licenses.  But let's see what holds up in court.

That said, yes, there is a very great deal to be said for truth in advertising, and in fact 
I hope to have up on our web site in the near future a very extensive treatise
on exactly what we are doing within Novell to provide that kind of truth in advertising
label in our certificates. Stay tuned, or beg me individually for a draft copy if 
you can't stand the suspense.

>
>That would be reasonableness ...

Indeed.


bob
Message-Id: <s59a40fb.042@novell.com>
Date: Wed, 01 Jul 1998 14:00:07 -0600
From: "Bob Jueneman" <BJUENEMAN@novell.com>
To: cme@acm.org
Cc: sjb8@BYUGATE.byu.edu, spki@c2.netm
Subject: Re: Digital Signature laws

Well, that's what makes horse races so interesting,
as they say.

Certainly there are lots of folks in the legal community
who tend to agree with you.  Mostly young turks who haven't won a
case or really helped advise people yet, but think they know a lot.
But maybe they are right and I'm wrong.  (It happened once before,
when it took me 8 days to create the universe. :-)

So far, I think it's about 50/50.

And that, by the way, is why I favor a 50-state laboratory, and get
really upset when the feds start talking about preemption.

Let's see what works.

No one is in a real rush -- Utah certainly hasn't had to turn away 
people at the doors who are clamoring to become licensed CAs.

And Verisign, despite their 80 page CPS, is gathering the vast majority
of the mind share.

bob



>>> Carl Ellison <cme@acm.org> 07/01 4:32 AM >>>
>Subject:  Re: RE: Final Year Thesis : SPKI

Hi Bob.

At 12:32 AM 7/1/98 -0600, Bob Jueneman wrote:
>Oh, well, at least we have fun.  No personal insult intended.

and of course, none intended on my side either.

>I would argue that the Utah and similar laws were really intended to 
>protect and facilitate business to business interchange, including 
>interactions that were not directly financial in nature, such as contracts, 
>amendments, invoices, receipts, etc.

I would agree that that is the intention of such laws.

I would also argue that this is misguided, to say the least.  It seems to be 
a result of lawyers, law makers and companies (CAs) rushing off to implement 
something that was initially just idle speculation by cryptographers in 
technical papers.  There is no reason to believe a cryptographer understands 
business.  I should know :)

What I discovered when I actually started talking to real businesses who do 
real EDI is that there is always a paper contract before people start doing 
purchase orders and shipments of goods.  In that paper contract, there is 
plenty of room to establish one another's keys.  Therefore, for real EDI, 
CAs are irrelevant -- and in fact reduce security by adding a link in the 
process that can go bad.

In the glorious future I see before us, with relationships forming on the 
net rather than in 3D space, there will be some bits-only version of this 
process.  However, that process does not involve a CA and especially not an 
ID certificate.  The use of a name as identifier is limited to small 
communities.  Furthermore, it's not a name businesses care about when 
deciding whether or not to enter into a contract with someone else.  They 
care about past performance, financial stability, quality of products, etc.  
These are facts that can be certified by digital signature, in the bits-only 
world, but the authorities on such facts will not be commercial CAs [unless 
you decide to defend a pre-decided announcement that CAs are necessary and 
so call any of these intermediaries "CAs"].

The details of how business relationships form will be a fascinating study.  
I expect Organizational Behavior students to spend years figuring that out.  
Mapping that to cyberspace will be another interesting challenge.  I can't 
say offhand how it will all turn out, but I have my guesses.  Those guesses 
are flimsy enough that I won't share them on this list.

In short, I see the rush to establishing CAs as an interference in this 
process.  It does not address what really needs to be accomplished.  It 
follows the assumption of a handful of cryptographers (starting with Diffie 
and Hellman) who used improper analogies (the phone book) and claimed that 
with that taken care of, all introduction requirements were fulfilled.  I 
know, they didn't say that explicitly, but that's how people took what was 
said -- and then came this rush to X.500 (that failed), X.509 (that is an 
albatross), Dig Sig laws (that are just waiting to cause trouble and don't 
speak to business needs), commercial CAs (desperate to make money somehow, 
even though the initial product (ID cert) is valueless), ....

It's interesting times.

 - Carl




+------------------------------------------------------------------+
|Carl M. Ellison       cme@acm.org    http://www.clark.net/pub/cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+-Officer, officer, arrest that man. He's whistling a dirty song.--+
Date: Wed, 1 Jul 1998 17:52:37 -0300 (EST)
From: Ed Gerck <egerck@laser.cps.softex.br>
Reply-To: Ed Gerck <egerck@laser.cps.softex.br>
To: Bob Jueneman <BJUENEMAN@novell.com>
cc: cme@acm.org, spki@c2.net
Subject: Re: Reasonableness
In-Reply-To: <s59a357d.070@novell.com>
Message-ID: <Pine.LNX.3.95.980701161903.13732H-100000@laser.cps.softex.br>

On Wed, 1 Jul 1998, Bob Jueneman wrote:

>>On Wed, 1 Jul 1998, Bob Jueneman wrote:
>>
>>>And my point was that Utah law in particular does NOT force you to accept any 
>>>unintended consequences, and neither does the VeriSign CPS.  If you don't want 
>>>to take that risk and/or share in the reward, buy a lower quality certificate, which will
>>>have the effect of changing the level of commercial reasonableness that the 
>>>relying party has to prove.
>>
> Ed Gerck wrote:
>>
>>Bob:
>>
>>Perhaps there was a slip in your text above, since there is
>>absolutely no relationship between: 
>>
>>(a) Bob's certificate quality that Bob pays for, as a CA subscriber,
>>and which binds Bob's key and purported name, with
>>
>>(b) the commercial reasonableness that the relying party Alice (ie, a
>>certificate user -- Bob's client) has to prove.
>
>I beg to differ.
>
>[snip]
>So as a relying party, if I see a certificate class that is around 1 or 2 on a scale of 
>0 to 255, I cannot "commercially reasonably" decide that this is good and sufficient 
>evidence for me to sell him an oil tanker or the Chrysler Building, with nothing but 
>a digitally signed promise to pay.  Even if I can repossess the building if the sale goes
>bad.

A $10 certificate or a $500 certificate from Verisign
still have zero content regarding the subscriber's assets -- X.509
certificates bind keys to names (I beg not to cite X.509 on that, but
that is so as we all know) and so much is written in the CPSs, for
example.

So, my point stays: there is absolutely no relationship between (a) 
and (b). The relying-party has no logical reason to infer that behind
a $500 cert sits a richer person...or, an honest one. Or, that the
deal will be paid for. These are all outside the domain of Verisign's
CPS... or, Utah's law... as the law cannot enforce fortune-telling. 

You seem to be confusing two completely different issues here: who
versus what.

SPKI can help on that.

>>
>>
>>I must also question the reasonableness of the initial argument as a
>>whole. Can legislation really make digital signatures binding and
>>incapable of repudiation over the Internet? I doubt so, and on
>>several counts as given below:
>
>Yes, they can, by fiat, just as the UCC makes some similar 
>assertions with respect to holographically signed documents.

Not the same subject, by a wide margin -- holographic signatures
exist for more than 350 years and are an established practice. But
since neither of us is a lawyer, nor is this list dig-sig, I propose
to skip this whole legalese part in this list. 


>>
>>- who warrants what to whom? In spite of CA folklore, a CA warrants
>>nothing to a relying-party (one end of the deal) and nothing besides
>>its own faults to the subscriber (the other end of the deal). 
>
>I'm not sure that I would go that far.


And yet, so it is. See below.

>  Understandably, the CA is motivated
>to avoid warranting anything to the relying party, to reduce their liability.
>But in doing so, they may also be limiting their business, for obviously 
>the only reason for the subscriber to purchase the certificate is with the 
>expectation that someone will rely on it. If the relying party can't rely on 
>the CA, the certificate is worthless, and hence the subscriber will want
>his money back.
>

Tell this to the press, please. This is *exactly* the case. These
arguments were already bookmarked as "Common Misconception #3" and
"Common Misconception #4", from a series that is up to #16 now.  As
given below for #3 and #4. 

CM#3: "CAs do warrant their certificates, objectively or at least
        intersubjectively". Wrong, CAs only warrant certificates
        subjectively to themselves:

 In legal reliance terms, one may trust the confirmation procedures
 of the CA during certificate reliance, but one cannot rely
 upon them for other than their value as a representation of the CA's
 authentication management act expressed in the CA's own terms and
 rules -- therefore, an X.509 certificate is neither necessarily
 meaningful nor valid in a user's reference frame or for the user's
 purposes. [http://www.mcg.org.br/cert.htm]



CM#4. "CAs do have contract liability to Users". Wrong, CAs have zero
       contract liability to users:

 Since the certificate's users (ie, historically known as the
 relying-parties) are not the ones that paid for the certificate to
 the CA (ie, the certificate was paid for by the subscriber), this
 means that the CA has no responsibility or contractual obligation
 whatsoever to the certificate's users, hence zero liability. [ibid]

>
>>Here, SPKI with a null CPS and null liability is exactly equivalent
>>to Verisign's CPS if you think about the relying-party and even the
>>subscriber. Isn't it better then ... to favor truth in advertising
>>and forget about legislating over unprovable assumptions??
>
>I disagree that the cases are the same, by a long shot, as I do not accept the
>argument that the VeriSign CPS is worthless

I did not say that Verisign CPS is worthless. I said it was made
worthless to the user and only protects the subscriber against the
CA's own faults.

>, or successfully disclaims all liability. 

It disclaims all liability to all users worldwide and that is legal.
It disclaims all liabilities to all its subscribers except in those
cases where the CA itself was provably at fault.

>They can't disclaim liability in the case of negligence, for
>example.

If you can prove they were negligent, no. I never said otherwise.

A different question is: can you prove they were negligent? can you
audit CAs? To what extent?

>They might try, as software vendors often argue the validity of shrink-wrapped
>licenses.  But let's see what holds up in court.
>

As above, if you can prove they were negligent, then they
were....but, you will never be able to get an objective measure on
that -- at most a good legal dispute over possible viruses, potential
hacker attacks, UCC's denial on warranting results, etc..


>That said, yes, there is a very great deal to be said for truth in advertising, and in fact 
>I hope to have up on our web site in the near future a very extensive treatise
>on exactly what we are doing within Novell to provide that kind of truth in advertising
>label in our certificates. Stay tuned, or beg me individually for a draft copy if 
>you can't stand the suspense.
>

When CAs have to (as figuratively said) "put their money where their
mouth is" I have often said that they soon find out that the whole
issue is indeed simple and that they have only two options: either
license Verisign's CPS or bootleg it...

Further, one does not have to be clairvoyant to perceive that the
early entrants to the CA market are most likely to make a windfall
... but, as the CA market matures at a rate accelerated by Moore's
law, the industry will realize its limitations and move on to a next
generation solution, leaving the late entrants (who?) holding the
bag, and a disproportionate amount of the blame. 

Which will be just reasonable.


Cheers,

Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
    --- Meta-Certificate Group member, http://www.mcg.org.br ---