Re: Certificate proposal
> -----BEGIN PGP SIGNED MESSAGE-----
> (...WAY behind in cypherpunks mail...)
> Carl Ellison <[email protected]> writes:
> >Let me propose an alternative unique name: the public key (or a good hash
> >of it). The public key has an advantage over both X.509 and PGP names.
> >The binding between it and its human being is testable. You can challenge
> >the human in question to sign something.
> I don't understand this whole discussion. A certificate is a signed
> binding of a key and a unique name, right? If the proposal here is
> that the unique name be a hash of the key, you are suggesting a signed
> binding of a key with its hash! What is the point of a certificate
> which binds a key to its hash? What is such a certificate asserting?
> It seems to be saying nothing at all. Anybody can already tell if a
> hash is right, for all the good that does you. It's like a notarized
> statement that 2+2=4. I don't see the point. As Carl goes on to say:
> >Assuming you use a public key as the unique name, you end up with a much
> >simplified certificate. In fact, the notion of "certificate" may go away,
> >in the sense that the certificate binds a key to a person through a unique
> >name. The person binds himself to his key, on challenge (or on any message
> If in fact this is just a suggestion that we not have certificates, that
> may have some value. But as a literal suggestion that certificates bind
> a key hash to a key, that just doesn't make sense to me.
> The thing to keep in mind is, why do we want certificates? Why not just
> use unsigned keys? If I encrypt a message for Carl based on some key I
> found lying around somewhere which someone told me is his, and I send it
> to his mailbox, and I get a reply back, how secure is that? We all know
> that you don't get the full security of the encryption if you do this.
> Man in the middle attacks might not be easy to do in such a situation but
> they are certainly possible. It is such attacks that certificates (including
> PGP key signatures) are designed to prevent.
> I'd like to see some grounding of this discussion in terms of the role of
> certificates, and ways to prevent man in the middle attacks. I certainly
> have no love for fascist worldwide ID cards and hierarchical, organization
> based naming schemes, but just using any old key because it seems to work
> OK most of the time isn't going to fly IMO.
I think the old idea of a certificate just binding a name and
a key is turning out to not be very useful. That is why Netscape
Navigator 2.0 will support x509 version 3 certificates. They allow
arbitrary attributes to be signed into a certificate. In this new
world, you can think of a certificate as a way of binding a key with
various arbitrary attributes, one of which may be (but is not
required to be) a name.
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
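The two ideas argued over in this thread, Carl's "the key names itself, and the binding is testable by challenge" and Jeff's "a certificate binds a key to arbitrary signed attributes, a name being optional", can both be shown in a few dozen lines. The following is an added example written for this page; it is not code from Carl, Jeff or Netscape. It assumes Ed25519 signatures and SHA-256 for the key hash (the thread names neither algorithm), and the attribute names and the three keys are constructed on the spot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// KeyName is the "unique name" Carl proposes: a hash of the public key itself.
// Nobody has to assert it; anyone holding the key bytes can recompute it.
func KeyName(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub) // SHA-256 is an assumption; the thread names no hash
	return hex.EncodeToString(sum[:])
}

// ChallengeHolder tests the binding between a claimed name and whoever is on the
// other end: the verifier picks a fresh nonce, the holder signs it, and the verifier
// checks that the presented key really hashes to the claimed name AND that the
// signature verifies. A substituted key fails the first check; someone who
// presents the real key but cannot sign for it fails the second.
func ChallengeHolder(claimedName string, presented ed25519.PublicKey, sign func([]byte) []byte) bool {
	if KeyName(presented) != claimedName {
		return false
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false
	}
	return ed25519.Verify(presented, nonce, sign(nonce))
}

// AttributeCert is the minimal form of what Jeff describes: an issuer signs a
// binding between a subject key (identified by its hash) and arbitrary attributes.
// None of the attributes has to be a human name.
type AttributeCert struct {
	SubjectKeyName string
	Attributes     map[string]string
	Signature      []byte
}

// certBody produces a canonical byte string (sorted attribute keys) so the
// issuer and every verifier sign and check exactly the same bytes.
func certBody(subject string, attrs map[string]string) []byte {
	keys := make([]string, 0, len(attrs))
	for k := range attrs {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	body := subject
	for _, k := range keys {
		body += "\n" + k + "=" + attrs[k]
	}
	return []byte(body)
}

// IssueCert signs the (subject key hash, attributes) binding with the issuer's key.
func IssueCert(issuerPriv ed25519.PrivateKey, subject ed25519.PublicKey, attrs map[string]string) AttributeCert {
	name := KeyName(subject)
	return AttributeCert{SubjectKeyName: name, Attributes: attrs, Signature: ed25519.Sign(issuerPriv, certBody(name, attrs))}
}

// VerifyCert checks the issuer's signature over the canonical body; any change to
// the subject key hash or to an attribute value invalidates it.
func VerifyCert(issuerPub ed25519.PublicKey, c AttributeCert) bool {
	return ed25519.Verify(issuerPub, certBody(c.SubjectKeyName, c.Attributes), c.Signature)
}

// Demo walks the scenario from the thread with three constructed keys: the real
// holder, a man in the middle, and an issuer. It returns each check's outcome.
func Demo() (holderOK, substitutedKeyOK, forgedSigOK, certOK, tamperedCertOK bool) {
	carlPub, carlPriv, _ := ed25519.GenerateKey(rand.Reader)
	mitmPub, mitmPriv, _ := ed25519.GenerateKey(rand.Reader)
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)

	name := KeyName(carlPub)
	carlSign := func(m []byte) []byte { return ed25519.Sign(carlPriv, m) }
	mitmSign := func(m []byte) []byte { return ed25519.Sign(mitmPriv, m) }

	holderOK = ChallengeHolder(name, carlPub, carlSign)         // true: the key binds itself
	substitutedKeyOK = ChallengeHolder(name, mitmPub, mitmSign) // false: wrong hash
	forgedSigOK = ChallengeHolder(name, carlPub, mitmSign)      // false: right key, cannot sign

	// Constructed attributes; a name is deliberately absent.
	cert := IssueCert(issuerPriv, carlPub, map[string]string{"role": "list-member", "may-sign-code": "yes"})
	certOK = VerifyCert(issuerPub, cert) // true
	cert.Attributes["may-sign-code"] = "no"
	tamperedCertOK = VerifyCert(issuerPub, cert) // false: attribute changed after signing
	return
}

func main() {
	h, s, f, c, t := Demo()
	fmt.Println("holder passes challenge:", h)
	fmt.Println("substituted key passes:", s, " forged signature passes:", f)
	fmt.Println("attribute cert verifies:", c, " tampered cert verifies:", t)
}
```

The challenge step is what makes the key hash a usable name without any certificate at all: it answers the quoted objection ("a signed binding of a key with its hash") by showing that the hash is not certified by anyone, it is simply recomputed and then tested live. The certificate only enters once a third party wants to vouch for something about that key, which is the attribute binding Jeff describes.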