
Re: Reasonable validation of a software package



At 11:33 -0400 7/13/96, Michael Froomkin wrote:
>This illustrates the need for and role of certification authorities.
>
>See http://www.law.miami.edu/~froomkin/articles/trusted.htm  for some
>info.
>

["this" being the possibility that someone would generate lots of signed
public keys with your name on them]

However, there's nothing to stop generation of many certificates from
trusted CAs with your name on them.  In fact, if you have a name like
Michael Smith, and if a CA is successful, there *will be* lots of
certificates with your name on them, even without anyone's trying to do
anything crooked.

The problem people overlook is that a CA binds a public key to a name but
the name is in the CA's name space.  For me, a verifier, to derive any
value from a certificate binding (key,name), the name has to be in *my*
name space.

If there were such a thing as a global namespace meaningful to everyone,
then we could both use it.  That's the X.500 fallacy/pipe-dream.

The fact is, no global name space could be held in one human's mind, so
there's no way a global name space could be meaningful to me.

So, to use a certificate from a CA, I need to map a name from its name
space (DN) into a name in my name space (nickname).  Every time I've looked
at that process, I've had to have a secure channel over which to learn from
the person I call by that nickname what DN he goes by.  If I have that
secure channel, then he could tell me his public key fingerprint over that
channel -- and I wouldn't need the CA.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   [email protected]     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+
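
Added example, not part of the original message: a Python sketch of the two lookups the message contrasts, going from a verifier's own nickname to a key through a CA-issued DN versus through a fingerprint learned over a secure channel. The `Cert` and `Verifier` classes, the issuer name, the nickname, the keys and the use of SHA-256 as the fingerprint are all assumptions constructed for illustration, and certificate signature checking is assumed to have already succeeded.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str        # CA that signed the binding (signature check assumed done)
    subject_dn: str    # name in the CA's name space
    public_key: bytes

def fingerprint(key: bytes) -> str:
    # SHA-256 is an assumption of this sketch, standing in for a key fingerprint.
    return hashlib.sha256(key).hexdigest()

class Verifier:
    """Holds the verifier's own name space: nicknames it chose itself."""
    def __init__(self, trusted_issuers):
        self.trusted = set(trusted_issuers)
        self.dn_of = {}   # nickname -> DN, learned over a secure channel
        self.fp_of = {}   # nickname -> fingerprint, learned over a secure channel

    def keys_via_ca(self, nickname, certs):
        """Map nickname -> DN -> every trusted cert carrying that DN."""
        dn = self.dn_of[nickname]
        return [c.public_key for c in certs
                if c.issuer in self.trusted and c.subject_dn == dn]

    def key_via_fingerprint(self, nickname, keys):
        """Map nickname -> fingerprint -> the one matching key, no CA involved."""
        matches = [k for k in keys if fingerprint(k) == self.fp_of[nickname]]
        return matches[0] if len(matches) == 1 else None

# Constructed sample data: two different people, same DN, same honest CA.
KEY_A, KEY_B, KEY_C = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"
CERTS = [
    Cert("Example CA", "CN=Michael Smith", KEY_A),
    Cert("Example CA", "CN=Michael Smith", KEY_B),
    Cert("Example CA", "CN=Carl Example", KEY_C),
]

def demo():
    v = Verifier({"Example CA"})
    v.dn_of["mike-from-work"] = "CN=Michael Smith"
    v.fp_of["mike-from-work"] = fingerprint(KEY_B)
    via_ca = v.keys_via_ca("mike-from-work", CERTS)
    via_fp = v.key_via_fingerprint("mike-from-work", [c.public_key for c in CERTS])
    return via_ca, via_fp

if __name__ == "__main__":
    print(demo())
```

The DN route returns both "Michael Smith" keys even though every certificate is valid, while the fingerprint route returns exactly one key and never consults the CA.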