[1845] in cryptography@c2.net mail archive
Rewrite of Signature Certificates
daemon@ATHENA.MIT.EDU (Larry Layten)
Fri Nov 14 14:21:05 1997
From: Larry Layten <larry@ljl.com>
To: "'cryptography@c2.net'" <cryptography@c2.net>
Date: Fri, 14 Nov 1997 12:53:31 -0600
After sleeping on it, I decided that my previous message
was probably unclear. I am sending what I hope is a
clarification, since I haven't received the other message
from the list server yet.
It may be that I am just beginning to understand what
many of you have been talking about for some time
now, but I am deeply disturbed by the current
implementation direction of digital signature technology.
We have been providing email application security for
some time now, and in doing so, we have been very
careful to insure that a users signature is not applied
to anything the user doesn't know about; i.e.: before
displaying an MSP encoded message that would
generate a signed return receipt, we give the user the
opportunity to reject opening of the message.
All of this has been done with the thinking that a user's
signature is something that the user will want to control
and not be indiscriminately utilized.
On the other hand, we recognize that the authentication
feature that digital signatures supply are of great benefit
and in fact have implemented two way strong binds using
digital signature techniques (actually, using a users digital
signature key pair). We also have implemented Authenticated
SSL. In each of these cases, we allow a user to issue a
"power of attorney" to our application that implements these
protocols allowing that application to sign authentication
transactions with hosts they wish to communicate with.
This power of attorney is granted based upon the fact that
the protocols themselves are cryptographically secure --
i.e.: that they do not allow a signature to be provided that
does not include a client provided value in the hash that is
to be signed -- and that the values that are signed are defined
to be only authentication information. Hence, the power of
attorney is limited to the authentication. This is slightly :-)
bothering, since as a user, I am signing a limited power of
attorney that I am unable to read since I don't have access
to the source code, or I don't read that language.
But -- it is my understanding that Java applets and active-x
controls also have access to the security functions. I may
trust the supplier of one of these controls enough to allow
them to establish a secure link with me, but I certainly don't
trust them enough to give them a full power of attorney. But
it again is my understanding, that is what I am doing by
logging into a security provider (unlocking my digital signature
private key) while in a bowser.
Hopefully someone out there can show me that my concerns
are ill founded!
Thanks,
Larry
