
Re: Netscape Changes RSA tree




At 13:06 4/25/95, Hal wrote:
>With the hierarchical approach, OTOH, there is the assumption that trust
>is transitive in this sense.  If RSA signs the key of MIT, and that key
>signs the MIT computer-science department key, and that key signs the
>key of some member of the CS department, then if I trust the RSA hierarchy
>I do conclude that the final key in the chain is valid.

Actually this is the theory. However in practice one of two things happens:

1) The upper levels of the hierarchies place onerous restrictions on the
lower levels in order to enforce that trust can be had down the tree.
However very few organizations buy into this approach.

2) The upper levels deny any liability for the actions of the subordinate
organizations (and even for their own actions). In this case you cannot
trust lower keys because the upper levels are not providing the assurance
that lower levels are trustworthy.

I have often seen both of the above terms in proposed licenses for key
hierarchies. This is one of the key reasons that Privacy Enhanced Mail (PEM) 
has failed so far to take off globally.

The PGP Web of trust (as implemented today) doesn't *require* anyone to
vouch for anyone else's key. If I sign someone's key, and you are willing to 
trust my judgment, then you can do so. If not, you don't have to. But I do
not have to sign any agreement with any third party that constrains my
behavior or creates additional liability.

Btw. I am very hopeful of the effort that the U.S. Post Office is doing on
this front. They may well wind up creating a key hierarchy that has
sovereign immunity, which is what I believe you need. In other words the
government runs the CA and asserts the validity of the directly subordinate
keys. The government can also then attach criminal penalties to people who
provide fraudulent information with the intention of creating bogus
certificates. Similarly the government can create criminal penalties to
apply to Post Office employees who engage in fraudulent practices as they
technically operate the Post Office CAs.

                                -Jeff

