[546] in cryptography@c2.net mail archive
re: John Kelsey's post (maybe)
daemon@ATHENA.MIT.EDU (A. Padgett Peterson P.E. Informati)
Tue Apr 15 11:33:33 1997
Date: Tue, 15 Apr 1997 9:23:15 -0400 (EDT)
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
To: hal@rain.org
CC: cryptography@c2.net
I think we are getting bogged down in the separation between "keys"
and "certificates". Are two differnt things.
To me, a "key" is something that is generated/assigned to a person/entity.
A "certificate" is something that validates the key for one or more
purposes. To effect a legal transaction, both will be needed.
CAs will issue/revoke certificates, not keys. Key servers will distribute
keys with/without certificates. Users will distribute/revoke keys with
or without certificates. Escrow/recovery agents will hold keys. Four
separate functions which may be combined in a single entity as required.
Is possible that a fifth function "key generation" will also be needed
though is likely that will be a user/entity operation.
Note that there are only two points at which revocation may take place -
certificates may be revoked by the CA and the user/entity may revoke
keys. Obviously there will need to be a legal process for revocation
on the termination of a CA or user/entity but can handle that separately.
Any other mechanism invites abuse.
Finally, since each element is capable of misuse, there must be penalties
established and enforced to make sure that this does not occur. True,
it would be trivial for a CA to forge a key and sign it.
The possibility for abuse centers on the age old problem of key management:
at some point trust must be esablished. With symmetric ciphers, every
end point had to be trusted for each message. With asymmetric ciphers,
trust needs only to be established once, the problem is that this may not
be easy.
As a result, a single CA signature may not be enough, for certain items
possibly multiple CA signatures may be required just as on multi-signature
checks today.
Do not think it will be difficult, but will be part of the end-game just
as two forms of identification are oftem required today.
Warmly,
Padgett
