
Re: Netscape Changes RSA tree

Taher Elgamal:
> certificate is a proof of identity attached to the use of a public key.

No, this is only the intention of some parties who have 
implemented what they call certificates.  The actual
mechanism of a certificate is, as you know, the hashing and reverse public
key encryption ("digital signature") over another public key and some
text.  

_One_ of many possible semantics of a signed key, or chain of signatures,
is that this "proves" "identity".  Mathematically, of course, it does no such
thing -- it only proves that public key software given access to one
key has used it to "digitally sign" another key and some accompanying
text.  Imputed on this process is that the user of that program is
claiming that the "identity" of the person who will use the signed key
is correctly described by that text.  This information in turn is
intended to come from some local government agency's records, via
some agents trusted to handle and interpret those records correctly.
This notion of identity inherent in this certification structure
leaves out most potential uses of keys, such as use by office-holders,
use for access to particular resources, claims about a key holder
having to do with characteristics other than their "identity" (such
as credit-worthiness, credentials, etc.), and perhaps most importantly,
novel interpretations of signed keys which have not yet been invented.

> The method of "binding" the identity with the public key is almost
> arbitrary here and can be done in many different ways.

It better not be almost arbitrary, otherwise the claims about identity
are almost arbitrary, and thus useless for practical business purposes,
such as collecting debts.  On the other hand if it is rigidly 
inflexible, it will also be rejected.  For
example, many governments have an equivalent of the U.S. Witness
Protection Program, in which identification is purposefully
falsified to protect the privacy of prosecution witnesses,
intelligence and undercover personnel, and others for whom that government
feels this is necessary.  Some other jurisdictions consider these
alterations to be illegal forgeries, and will prosecute any individual
or business who attempts to use such identification, including, presumably,
keys certified using false ID, or false claims made by a "certification
authority".  Nor are such forgeries in the interest of businesses
that wish to collect on debts.  No matter whether you personally
favor such forgeries for some purposes, or not, handling this issue
in the real world requires flexibility which the current RSA certification
hierarchy does not have.  Given that the Internet spans hundreds of
jurisdictions, none of them a substantial fraction of the market (note
that in the U.S.  each state keeps its own records in various ways),
I find the notion of combing all these records to map the "identity"
of millions of Internet-based small shops and/or customers to their
keys, to be a rather fantastic undertaking.

> As a matter of
> fact your digitized "hand written" signature can be a part of the
> identity portion of the certificate.

This proves nothing, as the digitized form of my autograph can
be trivially copied, and a key generated for it, and that key
signed by a "certification authority" over which I have no
control or perhaps even knowledge.

> I believe that we will need multiple levels of trust for certificates, a
> hierarchy, however, is a convenient method of verifying the trust level
> associated with a particular certificate.

What is a "trust level", how is it "verified", and how does this
accomplish anything worth the trouble for a web based shop?

Identifying and tracking millions of Internet small shops
and customers, across hundreds of jurisdictions, in a way that
disregards desires for privacy on the part of individuals,
organizations, and governments, seems far from a convenient
task to me.

Nick Szabo
szabo@netcom.com
nick@digicash.com
http://www.digicash.com/~nick/
These views do not necessarily reflect those of DigiCash.
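The mechanical point made above (a certificate is a hash signed with a private key over another public key plus some text, and the signature proves only that the signer's key was used, not that the text is true or is about "identity") can be shown in a few lines. This is an added illustration, not code from the post or from any real PKI; it uses a deliberately tiny, unpadded textbook RSA over fixed Mersenne primes so that the structure is visible, and all key material and certificate texts are constructed here.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent; coprime to (p-1)(q-1) for the primes used below

def keygen(p, q, e=E):
    """Toy textbook RSA key pair from two known primes (constructed, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(data: bytes, n: int) -> int:
    # Hash the signed material, then reduce so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)            # "reverse public key encryption"

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass(frozen=True)
class Certificate:
    subject_key: tuple   # the public key being signed
    text: str            # whatever the signer chooses to assert about that key
    signature: int

def _material(subject_pub, text: str) -> bytes:
    return f"{subject_pub[0]}:{subject_pub[1]}|{text}".encode()

def certify(issuer_priv, subject_pub, text: str) -> Certificate:
    return Certificate(subject_pub, text, sign(issuer_priv, _material(subject_pub, text)))

def check(issuer_pub, cert: Certificate) -> bool:
    # The only fact this establishes: the issuer's key signed this key plus this text.
    return verify(issuer_pub, _material(cert.subject_key, cert.text), cert.signature)

def demo():
    """Same mechanism, three different semantics; only tampering fails."""
    ca_pub, ca_priv = keygen(2**31 - 1, 2**61 - 1)       # hypothetical "CA"
    alice_pub, _ = keygen(2**19 - 1, 2**89 - 1)          # hypothetical subject
    identity = certify(ca_priv, alice_pub, "CN=Alice Example, C=US")
    role = certify(ca_priv, alice_pub, "role=treasurer;check-limit=5000")
    false_claim = certify(ca_priv, alice_pub, "CN=Someone Else")  # untrue, but signed
    tampered = Certificate(alice_pub, "CN=Mallory", identity.signature)
    return (check(ca_pub, identity), check(ca_pub, role),
            check(ca_pub, false_claim), check(ca_pub, tampered))

if __name__ == "__main__":
    print(demo())  # (True, True, True, False)
```

The three signed certificates verify identically whether the text names a person, grants a role, or is simply untrue; verification fails only when key, text and signature no longer match, which is all the mathematics can tell you.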