[1825] in cryptography@c2.net mail archive
Re: States of Identity
daemon@ATHENA.MIT.EDU (Rick Smith)
Tue Nov 11 15:56:55 1997
In-Reply-To: <v03110722b08c31863fb7@[139.167.130.248]>
Date: Tue, 11 Nov 1997 13:55:35 -0600
To: Robert Hettinga <rah@shipwright.com>, cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>
At 10:35 PM -0500 11/9/97, Robert Hettinga wrote:
>From: Daniel Greenwood <dan@CIVICS.COM>
>Subject: States of Identity
>Comments: cc: "dan.greenwood@state.ma.us" <dan.greenwood@state.ma.us>
>To: DIGSIG@VM.TEMPLE.EDU
> [...]
>*Reg. Contemplates Cert. That Shows Ongoing "Control" of Private Key*
>
>One interesting thing I noticed while scanning PKI section of the reg.s
>is that certificate may be used "to certify that [the signer] controls
>the key pair used to create the signature." This is different from the
>usual regulatory expectation that the certificate merely be issued in
>the first instance to the correct person. Here the purpose seems to be
>that the certificate constitutes some kind of warranty that the signer
>(presumably one who has already signed) controls (present tense) the key
>used to sign. I think this would be a very useful purpose of a cert. I
>wonder if the Texas regulators envision that this warranty is backed up
>by some contractual arrangement with the signer by the CA or if they
>have some other method in mind?
If I read this correctly, the implication is that once you've "signed" a
certificate and declared that you "control" your private key, future events
can not change this situation. In other words, the problem of revoking a
public key certificate has been eliminated by legislation -- you simply
*can't* revoke a certificate. God help you if someone steals your private
key.
Is this *really* what these guys mean?
Rick.
smith@securecomputing.com Secure Computing Corporation
"Internet Cryptography" in bookstores http://www.visi.com/crypto/
