
Re: What is "certificate"? (was: what are realistic threats?)



On Fri, 7 Oct 1994, Hapeman Dale wrote:

> To the List:
> 
> Am having a little trouble with the concept that I would have a certificate 
> that "certifies" that I write code without bugs.  I am interpreting the term 
> "certificate" the way X.509 defines it.
 ... 
> I repeat:  You now know that the stuff you got from me was signed by the 
> person named in my certificate.  You do not know anything about the contents 
> that I signed (other than the fact that they have not been altered since the 
[deleted]
> In my mind, the CERTIFICATE certification path and the STATEMENT 
> certification path are completely different and are made up of different 
> people and/or entities.
> 
> Dale Hapeman

OK.  Let's reduce it to basics.  The exact semantic content of a message 
M signed by a key K is that K says M (e.g. look at Lampson, Abadi, Burrows and 
Wobber ACM TOCS 10,4 11/92), i.e. that the possessor of the key K issued the 
statement M.  Anything more is a meta-statement about your trust in the 
person/entity you *believe* possesses the key K.

For public key cryptography to succeed, you assume some reliable medium 
for transmission of public keys - or more precisely, the upper bound on 
your trust in statements made under a key K is defined by its means of 
transmission.  A public key loaded directly into your smart card over the 
counter at the bank will carry slightly :-) more credibility than one 
received via a Usenet news posting.

Assuming that you trust that the key K speaks for the person you believe 
it does, then your trust in any messages signed by that key is certainly 
no better than what you would have if they said it to you face to face.  
The truth content of "Program P is free of bugs" signed by the key K is at 
best "The person who I believe possesses K believes that P is bug free".

This statement is rather less than absolute certitude, but compared to 
an E-mail message to the effect, which could be summarized as "Someone 
who either has access to the author's account or knows how to forge SMTP 
messages wants me to believe that something I believe to be P is free of 
bugs", it is a tad more convincing.

Let's not take signed messages to be anything other than statements of 
belief.

------
Robin Garner					Email: GarnerR@ozemail.com.au
System Management Consultant			ph: +61 6 248 0114
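
The distinction drawn in the message above between "K says M", the binding of K to a person, and the truth of M, as an added example that is not part of the original message: a small forward-chaining model in which every derived belief is capped by its weakest premise. The rule names, the principal "author" and the confidence numbers are constructed for illustration.

```python
# Constructed model: a belief is a tuple mapped to a confidence in [0, 1].
#   ("says", P, s)        principal or key P issued statement s
#   ("speaks_for", K, A)  key K is believed to belong to principal A
#   ("controls", A, s)    the reader accepts A as an authority on s
#   ("true", s)           the reader believes s itself

def derive(facts):
    """Forward-chain until no belief improves; confidence = weakest premise."""
    beliefs = dict(facts)
    changed = True
    while changed:
        changed = False
        for f, c in list(beliefs.items()):
            if f[0] != "says":
                continue
            _, who, s = f
            for g, d in list(beliefs.items()):
                if g[0] == "speaks_for" and g[1] == who:
                    new = ("says", g[2], s)      # K says s, K speaks for A => A says s
                elif g == ("controls", who, s):
                    new = ("true", s)            # A says s, A controls s => s
                else:
                    continue
                conf = min(c, d)
                if conf > beliefs.get(new, 0.0):
                    beliefs[new] = conf
                    changed = True
    return beliefs

M = "P is free of bugs"

def received(channel_conf, authority_conf=None):
    """Signature on M verified under K (confidence 1.0); the key itself arrived
    over a channel trusted to channel_conf. authority_conf, if given, is the
    reader's separate trust in the author's judgement about M."""
    facts = {("says", "K", M): 1.0, ("speaks_for", "K", "author"): channel_conf}
    if authority_conf is not None:
        facts[("controls", "author", M)] = authority_conf
    return derive(facts)

if __name__ == "__main__":
    for label, conf in (("bank counter", 0.99), ("Usenet posting", 0.2)):
        b = received(conf)
        print(label, "-> author says M:", b[("says", "author", M)],
              "| M believed:", ("true", M) in b)
```

A valid signature never produces `("true", M)` by itself; that belief appears only when the reader adds a separate `controls` premise, and it is then no stronger than that premise.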


