What is "certificate"? (was: what are realistic threats?)
To the List:
Am having a little trouble with the concept that I would have a certificate
that "certifies" that I write code without bugs. I am interpreting the term
"certificate" the way X.509 defines it.
My X.509 Certificate ties (binds) together:
- my name
- the public key you can use to validate my signatures
How are these bound together? Because the issuer of my certificate signs
the bits that make up my certificate. My certificate can not be altered
without invalidating my issuer's signature.
Now, you can validate my signature using my public key and know it came from
me because the issuer of my certificate says that that public key belongs to
me. The only thing my issuer has effectively "certified" is that I am the
person who signed whatever it is I sent you. You can verify the issuer's
signature on my certificate by gaining access to his certificate (and his
public key).
Why should you put any credence in my issuer's signature? Somebody issued
and signed his certificate verifying that his public key (the one you used
to verify his signature) does indeed belong to him. That somebody
"certified" that he is really the person who used the public key that signed
my certificate.
This verification of signatures on certificates continues until you find a
certificate that was signed by someone that YOU trust to sign certificates.
Once you complete this process, you are now happy that the signature on the
stuff I sent you was signed by someone with my name.
I repeat: You now know that the stuff you got from me was signed by the
person named in my certificate. You do not know anything about the contents
that I signed (other than the fact that they have not been altered since the
time that I signed them). The code I send you could have bugs even if I
signed a character string that said "This code does not have bugs". The
existence of my signature does not guarantee this nor does the signature of
my certificate issuer signify that he "certifies" me to make trusted
comments about the validity of my code (or my academic achievements).
Tracing certificate signatures back to a point you trust is a CERTIFICATE
certification path.
If I want to establish the validity of my statement about lack of bugs, I
could have a recognized expert evaluate my code and write a statement --
"Dale's code never has any bugs". He would sign that statement with his
private key and I would send you: my code, my signature, my certificate, his
statement, his signature, and his certificate. To verify the signature that
the expert created, you must complete another CERTIFICATE certification path
back to a point you trust (not necessarily the same point in the path
traversed to verify my signature).
Maybe you don't recognize the expert I chose. Maybe I should have the
President of the University that gave my expert his Ph.D. sign a statement
that the expert is an expert. In that case, I would send you my code, my
signature, my certificate, the expert's statement, his signature, his
certificate, the president's statement, his signature, and his certificate.
Tracing statements back to a point you trust is a STATEMENT certification
path.
In my mind, the CERTIFICATE certification path and the STATEMENT
certification path are completely different and are made up of different
people and/or entities.
Is it your (and by "your" I mean anyone who cares to respond) goal to have
these certification paths be one and the same?
Would I have a different public key signature certificate for every
statement I wish to make:
- The "I write good code" public key signature certificate issued by an
expert,
- The "I have good credit" public key signature certificate issued by a
bank,
- The "It's OK to let me into your FTP server" public key signature
certificate issued by the FTP Etiquette Committee?
OR
Would I have a signed token from my bank that says I have good credit that I
would include in every financial transaction I engage in (which would be
signed using my signature key issued signature certificate issuer)?
Dale Hapeman
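
Added example, not part of the original message: a sketch of the two paths the message describes, showing that a valid CERTIFICATE path only binds a name to a key, and that the expert's statement needs its own path to an anchor the verifier trusts. The toy RSA (tiny constructed keys, not secure) and the party names "Root A", "CA1", "Root B" and "Expert" are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA on constructed Mersenne-prime keys: NOT secure, a stand-in for X.509 signatures.
def keypair(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_h(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

def tbs(cert):  # the bits the issuer signs: name + public key, nothing else
    return repr((cert["subject"], cert["pub"])).encode()

def issue(issuer, issuer_priv, subject, pub):
    cert = {"subject": subject, "pub": pub, "issuer": issuer}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def validate_path(cert, certs, anchors):
    """Follow issuer signatures to a key the verifier trusts; return that anchor's name or None."""
    for _ in range(len(certs) + 1):  # bounded walk, so issuer loops terminate
        if cert["issuer"] in anchors:
            ok = verify(anchors[cert["issuer"]], tbs(cert), cert["sig"])
            return cert["issuer"] if ok else None
        parent = certs.get(cert["issuer"])
        if parent is None or not verify(parent["pub"], tbs(cert), cert["sig"]):
            return None
        cert = parent
    return None

def check_signed(data, sig, signer, certs, anchors):
    cert = certs[signer]
    return validate_path(cert, certs, anchors) is not None and verify(cert["pub"], data, sig)

# Constructed parties: Root A -> CA1 -> Dale (identity path); Root B -> Expert (separate path).
root_a, ca1, dale, root_b, expert = (keypair(*k) for k in
                                     [(127, 13), (107, 17), (89, 19), (61, 31), (521, 607)])
certs = {"CA1": issue("Root A", root_a[1], "CA1", ca1[0]),
         "Dale": issue("CA1", ca1[1], "Dale", dale[0]),
         "Expert": issue("Root B", root_b[1], "Expert", expert[0])}
code = b"def div(a, b): return a / b  # This code does not have bugs"
code_sig = sign(dale[1], code)
stmt = b"Dale's code never has any bugs"
stmt_sig = sign(expert[1], stmt)
```

The signed code verifies even though `div` fails on `b == 0`, and the expert's statement verifies only for a verifier whose anchors include the constructed "Root B".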