Re: Reasonable validation of a software package
At 11:33 -0400 7/13/96, Michael Froomkin wrote:
>This illustrates the need for and role of certification authorities.
>
>See http://www.law.miami.edu/~froomkin/articles/trusted.htm for some
>info.
>
["this" being the possibility that someone would generate lots of signed
public keys with your name on them]

However, there's nothing to stop generation of many certificates from
trusted CAs with your name on them. In fact, if you have a name like
Michael Smith, and if a CA is successful, there *will be* lots of
certificates with your name on them, even without anyone's trying to do
anything crooked.

The problem people overlook is that a CA binds a public key to a name but
the name is in the CA's name space. For me, a verifier, to derive any
value from a certificate binding (key,name), the name has to be in *my*
name space.

If there were such a thing as a global namespace meaningful to everyone,
then we could both use it. That's the X.500 fallacy/pipe-dream.

The fact is, no global name space could be held in one human's mind, so
there's no way a global name space could be meaningful to me.

So, to use a certificate from a CA, I need to map a name from its name
space (DN) into a name in my name space (nickname). Every time I've looked
at that process, I've had to have a secure channel over which to learn from
the person I call by that nickname what DN he goes by. If I have that
secure channel, then he could tell me his public key fingerprint over that
channel -- and I wouldn't need the CA.

- Carl
+------------------------------------------------------------------------+
|Carl M. Ellison [email protected] http://www.clark.net/pub/cme |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
| "Officer, officer, arrest that man! He's whistling a dirty song." |
+-------------------------------------------- Jean Ellison (aka Mother) -+
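
Added example, not part of the original message: a small Python model of the argument above, in which several CA-valid certificates share one common name and the verifier resolves a local nickname either through a DN or through a key fingerprint, both learned out of band. The CA key, DNs, key bytes, nickname and the use of HMAC as a stand-in for a CA signature are all constructed assumptions.

```python
import hashlib
import hmac

CA_KEY = b"constructed-ca-key"  # toy stand-in for a CA signing key (assumption)

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()[:32]

def _sig(dn: str, key: bytes) -> bytes:
    # HMAC stands in for the CA's signature over the (key, name) binding.
    return hmac.new(CA_KEY, dn.encode() + b"\0" + key, hashlib.sha256).digest()

def issue(dn: str, key: bytes) -> dict:
    return {"dn": dn, "key": key, "sig": _sig(dn, key)}

def ca_valid(cert: dict) -> bool:
    return hmac.compare_digest(cert["sig"], _sig(cert["dn"], cert["key"]))

# Constructed directory: three honest holders of the same common name.
DIRECTORY = [
    issue("CN=Michael Smith,O=Example Corp", b"constructed-key-A"),
    issue("CN=Michael Smith,O=Example University", b"constructed-key-B"),
    issue("CN=Michael Smith,L=Springfield", b"constructed-key-C"),
]

def candidates_by_name(cn: str) -> list:
    """Every CA-valid certificate whose common name matches cn."""
    return [c for c in DIRECTORY
            if ca_valid(c) and c["dn"].split(",")[0] == "CN=" + cn]

# The verifier's own name space. Each entry was learned from the person
# over a secure channel; which value to ask for is the only difference.
NICK_TO_DN = {"mike-at-work": "CN=Michael Smith,O=Example Corp"}
NICK_TO_FPR = {"mike-at-work": fingerprint(b"constructed-key-A")}

def key_via_ca(nick: str):
    """Nickname -> DN (out of band) -> CA certificate -> key."""
    hits = [c["key"] for c in DIRECTORY
            if ca_valid(c) and c["dn"] == NICK_TO_DN[nick]]
    return hits[0] if len(hits) == 1 else None

def key_via_fingerprint(nick: str, offered_keys: list):
    """Nickname -> fingerprint (out of band) -> key; no CA consulted."""
    hits = [k for k in offered_keys if fingerprint(k) == NICK_TO_FPR[nick]]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(len(candidates_by_name("Michael Smith")), "valid certs share the name")
    print(key_via_ca("mike-at-work") ==
          key_via_fingerprint("mike-at-work", [c["key"] for c in DIRECTORY]))
```

Both lookups return the same key, and both depend on one entry in the verifier's own table; only the CA path also depends on the directory and the CA key.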