[1846] in cryptography@c2.net mail archive
Re: Signature Certificates
daemon@ATHENA.MIT.EDU (Rick Smith)
Fri Nov 14 17:57:59 1997
In-Reply-To: <01BCF04D.78CD4DC0@larry.ljl.com>
Date: Fri, 14 Nov 1997 14:36:13 -0600
To: Larry Layten <larry@ljl.com>, cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>
At 4:01 PM -0600 11/13/97, Larry Layten wrote:
> ...
>I really don't like the idea of allowing my signature to be used
>for anything other than a security product that specifically
>allows <me> to sign something. Hence, I really don't want
>a general-purpose communications routine or a Java-enabled
>browser to be using it without telling me each time
>that I am signing something -- which makes it unusable
>for authentication purposes. ????
>
>Is this where I need an attribute certificate that identifies
>my PC, not me?
My own opinion is that yes, you will need separate certificates for
separate purposes, and that "separate purposes" includes their use in
environments with greater or lesser risk of abuse. Today, for example, one
could use a different credit card for Internet purchases than one uses for
other purposes.
But I think you're also touching on an emerging political issue: are
programmers supposed to control users' desktops or are users supposed to
control them? The nice thing about conventional HTTP and forms technology
is that lots of security-relevant decision-making is fed right to the user.
Classic SSL doesn't even authenticate the user -- the user has to decide
personally whether or not to provide authentication data (usually a credit
card number and expiration date).
Yes, it's dirty and inconvenient, and with the "Magic of Programming
(+TM+*)" we can tailor things so they're as easy as clicking a button. ("Pay
no attention to the man behind that curtain!") But I don't know if that's
really going to work in the long run.
I tend to look at successful security as a set of properties that give the
user a consistent lack of surprise in important matters ("don't steal my
credit card number, don't wipe out my copies of X-Files .gifs, don't put
checks in my Quicken output queue, etc.") and, equally important,
confidence that this lack of surprising events will continue. Our
confidence *should* be shaken each time we introduce new software into our
desktop. After all, that's what we learn from software "upgrades." Yet this
is the brave new world promised us by Java and ActiveX.
Rick.
smith@securecomputing.com
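The "separate certificates for separate purposes" point above, and Larry's wish that a browser not be able to use his signing credential for silent authentication, are what the X.509 KeyUsage and ExtendedKeyUsage extensions (RFC 5280) exist to enforce on the relying-party side. The following is an added example, not part of the thread or of any product mentioned in it: a minimal DER decoder for those two extension values plus a relying-party policy that refuses a document-signing certificate for TLS client authentication and refuses a client-authentication certificate for document signing. The extension bytes, operation names and the policy table are constructed for this example; the subset rule that also rejects a dual-purpose certificate is a deliberate design choice, stricter than RFC 5280 requires.

```python
"""Purpose separation for X.509 certificates via KeyUsage / ExtendedKeyUsage.

Added example (not from the original mailing-list thread).  Decodes the DER
values of the RFC 5280 KeyUsage (BIT STRING) and ExtendedKeyUsage (SEQUENCE OF
OID) extensions with a small parser, then applies a relying-party policy so a
key meant for deliberate signing is never accepted for protocol authentication
and vice versa.  All sample bytes below are hand-encoded for this example.
"""

# Bit positions of KeyUsage per RFC 5280, section 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# ExtendedKeyUsage OIDs from RFC 5280, section 4.2.1.12.
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
}


def _read_tlv(data, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at data[pos]."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_key_usage(der):
    """Decode a KeyUsage BIT STRING into the set of named bits that are set."""
    tag, value, _ = _read_tlv(der)
    if tag != 0x03:
        raise ValueError("KeyUsage must be a BIT STRING")
    unused = value[0]                      # first content byte: unused trailing bits
    bits = int.from_bytes(value[1:], "big")
    total = (len(value) - 1) * 8
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        if i >= total - unused:            # bit i was not encoded at all
            break
        if (bits >> (total - 1 - i)) & 1:  # bit 0 is the most significant bit
            names.add(name)
    return names


def _decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:                    # base-128, high bit marks continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode_eku(der):
    """Decode an ExtendedKeyUsage SEQUENCE OF OID into a set of purpose names."""
    tag, value, _ = _read_tlv(der)
    if tag != 0x30:
        raise ValueError("ExtendedKeyUsage must be a SEQUENCE")
    purposes, pos = set(), 0
    while pos < len(value):
        t, v, pos = _read_tlv(value, pos)
        if t != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER inside ExtendedKeyUsage")
        oid = _decode_oid(v)
        purposes.add(EKU_NAMES.get(oid, oid))  # unknown OIDs stay in dotted form
    return purposes


# Relying-party policy for this example (constructed).  nonRepudiation, called
# contentCommitment in RFC 5280, is the bit for signatures a person knowingly
# commits to; digitalSignature alone is what protocol authentication uses.
POLICY = {
    "sign-document":   {"require_ku": {"nonRepudiation"},   "allow_eku": {"emailProtection", "codeSigning"}},
    "tls-client-auth": {"require_ku": {"digitalSignature"}, "allow_eku": {"clientAuth"}},
}


def permitted(operation, key_usage_der, eku_der):
    """True iff a certificate carrying these extensions may serve `operation`.

    The EKU set must be a *subset* of the purposes allowed for the operation, so
    a certificate that mixes purposes is refused for all of them.  This is the
    example's strict choice; RFC 5280 itself only requires the purpose to be
    present and treats an absent EKU as unrestricted.
    """
    rule = POLICY[operation]
    if not rule["require_ku"] <= decode_key_usage(key_usage_der):
        return False
    return decode_eku(eku_der) <= rule["allow_eku"]


# Constructed DER extension values (hand-encoded for this example).
SIGNING_KU  = bytes.fromhex("030206C0")                  # digitalSignature + nonRepudiation
SIGNING_EKU = bytes.fromhex("300a06082b06010505070304")  # emailProtection only
AUTH_KU     = bytes.fromhex("03020780")                  # digitalSignature only
AUTH_EKU    = bytes.fromhex("300a06082b06010505070302")  # clientAuth only
DUAL_EKU    = bytes.fromhex("301406082b0601050507030206082b06010505070304")  # clientAuth + emailProtection

if __name__ == "__main__":
    for op, ku, eku in [("sign-document", SIGNING_KU, SIGNING_EKU),
                        ("tls-client-auth", SIGNING_KU, SIGNING_EKU),
                        ("tls-client-auth", AUTH_KU, AUTH_EKU),
                        ("sign-document", AUTH_KU, AUTH_EKU),
                        ("sign-document", SIGNING_KU, DUAL_EKU)]:
        print(f"{op:16s} KU={sorted(decode_key_usage(ku))} EKU={sorted(decode_eku(eku))}"
              f" -> {'allowed' if permitted(op, ku, eku) else 'refused'}")
```

Run stand-alone, the signing certificate is accepted for document signing and refused for TLS client authentication even though its digitalSignature bit is set, because its EKU names no authentication purpose; the authentication certificate is refused for document signing because it lacks nonRepudiation; and the dual-purpose certificate is refused for both, which is the behaviour a user who wants a dedicated signing credential would ask of the software holding the key.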