EU Draft Digital Signature Directive

[Denis.Russell@ncl.ac.uk]

At 12:40 pm +0100 27/8/98, Brian Gladman wrote:
>...  At very best all a
>digital signature can do is to confirm that we are actually exchanging data
>with the person (or entity) we expect - it says nothing at all about the
>trust or confidence we should have in them as people (or processes).

This is the important distinction that keeps getting missed. :-(

>When I sign a public key of a colleague I am simply asserting my belief (not
>a fact) that this key belongs to them - I am saying ***nothing*** about
>their trustworthiness as a person.  Others might not sign the key of a
>colleague who they don't trust (and might hence be trying to say something
>about them) but anyone who expects such behaviour to be the norm is taking a
>very big risk.

At the risk of boring folk with a lengthy agreement with Brian Gladman that
I thought wasn't necessary, this is the point I was trying to make
concerning my comments on interpreting what an entry in a public directory
tells you.

The technology of digital signatures gives a method of showing to a high
degree of certainty that something with x's digital signature was actually
signed by x. (There are all the usual caveats that x has obeyed the right
procedures and that her key has not been compromised by Tempest
eavesdropping, cracking with secret quantum mechanical computers,
blackmail, seduction etc, etc, but let's accept these threats as fairly
small. The rest of this depends on the assumption that digital signatures
work to a high degree of reliability.)

If x "signs y's key" this is equivalent to x emitting the message "I, x,
believe that the key nnn belongs to y" and signing it digitally. To believe
this, you need to accept that X can be trusted to be telling the truth, and
has probably not been duped (and digital signatures can be trusted).
Depending on your confidence in x as an authority, you can accept this
wholly or partially. Note that this depends to a mostly on your trust in X.
If you only partially trust X, or think that while a jolly good person they
are sometimes a little gullible then you may accept the authenticity of y's
key partially, or to some level or something. This trust in the
authenticity of the key can increase as you get more and more confirmations
from independent sources (and decrease if you get disagreements). The
confidence in the sources and their independence is a matter of human
judgement. It is not a technical matter. (You might wish to turn that into
some computer model by assigning numbers and automate the process by adding
numbers together until you reach some threshold, but that is merely a
convenience.)

Note that this process merely asserts the validity of y's key, but says
nothing else about y. It would be perfectly valid for me to generate a
message "I, x, believe that the key nnn belongs to Y. I also know that Y is
not to be trusted under any circumstances since she has swindled old folk
out of their pensions and poisoned children." and sign that message with my
key to authenticate it. As a recipient of that message, you may wish to
believe parts of it and reject other parts of it depending of what you know
about me as a person to be trusted. Again, this is not a matter of
technology.

The concept of certification authorities is an attempt to institutionalise
one application of digital signatures - signing and authenticating keys
that can themselves be used to sign things. The idea is to use
unimpeachable authorities and methods (unspecified - but outside the
technology) to obtain people/key pairs (or entity/key pairs) and make them
publicly available. In this way, the initial distribution of the
certification authority's key (by unspecified means outside the protocol)
together with your trust in the authority and their procedures, allows a
simple distribution of keys. But it is keys alone. The implied message is
"this is y's key" and nothing more. Note the implication or assumption of
complete 100% trust in the certification authority. In some circumstances
this may be acceptable. In others it maybe won't be.

Of course, there is nothing to stop different certification authorities
setting up different kinds of certification services - i.e. different
implicit or explicit messages. For example, ABTA could set up a list of
online travel agencies that are ABTA bonded, and use digital signatures to
authenticate the digital statements (certificates) that say so. Again, the
BMA could set up an online register of qualified doctors together with
their current photographs, etc so that hospitals could check the
credentials of applicants for jobs and again use digital signatures. If you
believe ABTA and the BMA you can believe their certificates. These, and
many more are *possible* *future* applications of digital signature
technology, but current notions of (Key) Certification Authorities are only
about keys. Period.

>>Trust is a lengthy process of getting to know the character
>>and reliability of a business associate and for this there is
>>no substitute.
>
>
>Correct and not what digital signatures seek to achieve.
>...

Absolutely.

	Denis.