
Re: Certificates/Anonymity/Policy/True Names

> What about when the CA signing key is stolen, factored, or otherwise falls  
> into the wrong hands, thereby possibly making every signature made by the CA  
> worthless, or at least questionable?
> 
> I assume liability will be based on the CA's efforts to ensure the integrity  
> of the signatures it makes (and therefore the confidentiality of the secret  
> key components), but what constitutes due diligence?  As we all know,  
> security measures cover a very wide range and can reach ridiculous  
> proportions on both ends of the spectrum...  How much security will be  
> 'enough' from a legal standpoint...?

an excellent point, and one that i'd not seriously considered until i saw 
your post. given today's legal climate, assuring the confidentiality of 
a ca's key would be pretty expensive. i suppose burning cd-roms with all 
transactions would help to document all transactions, but would not be 
definitive as far as the signatures go. any document signed with the key 
would really have to be considered valid if the signature itself is to 
really mean anything in a legal sense. if one were to allege that a 
signature is not valid, even though it checked out cryptologically, how 
could one defend against a charge that the secret key had been 
compromised? you cannot prove a negative. obviously, ianal, but i would 
think it would be reasonably easy to convince at least one jury member 
that there is a reasonable doubt that the key had been compromised.

then again, it might be similar to a claim that a signature has been 
forged.

i think there could be a danger of allowing the confidence in a given 
piece of crypto to unduly influence a jury of a document's authenticity 
when the key _had_ been compromised. the 'gee whiz' factor could be fairly 
significant among juries. given statements like 'you could take all the 
computers on the planet and let them crunch on it for a billion years 
would be needed', a jury might miss issues of security.

fwiw, my 2 cents...

          *********************************************
          *          / Only God can see the whole     *
          *  O[%\%\%{<>===========================-   *
          *          \ Mandelbrot Set at Once!        *
          * amp                                       *
          * <[email protected]>                  *
          * <[email protected]>               *
          *********************************************
Key fingerprint =  A7 97 70 0F E2 5B 95 7C  DB 7C 2B BF 0F E1 69 1D