EU Draft Digital Signature Directive
Charles Lindsey
chl at clw.cs.man.ac.uk
Fri, 28 Aug 1998 11:43:47 +0100
On Thu, 27 Aug 1998 17:15:58 +0100
Denis.Russell@ncl.ac.uk said...
> At the risk of boring folk with a lengthy agreement with Brian Gladman that
> I thought wasn't necessary, this is the point I was trying to make
> concerning my comments on interpreting what an entry in a public directory
> tells you.
>
> The technology of digital signatures gives a method of showing to a high
> degree of certainty that something with x's digital signature was actually
> signed by x. (There are all the usual caveats that x has obeyed the right
> procedures and that her key has not been compromised by Tempest
> eavesdropping, cracking with secret quantum mechanical computers,
> blackmail, seduction etc, etc, but let's accept these threats as fairly
> small. The rest of this depends on the assumption that digital signatures
> work to a high degree of reliability.)
No, that is the old perception of what a digital signature means. The
world is moving on (see SPKI, and also some hooks in the open-pgp
draft).
There are various kinds of certificate. There is the one that certifies
"Key X belongs to individual Y - certified by CA Z". That is the
classical one, and it is still the appropriate one for many purposes.
Essentially, it extends whatever trust you have in Z to the individual Y
(modulo whatever fancy formula you choose to use to calculate trust).
But there are also certificates that certify "The holder of Key X is
authorized to perform operation Y - certified by Z". Again, your view
of X's competence to do Y will depend on whether you believe Z is in a
position to grant such permissions, so you might expect to see a further
certificate from Z' to say that he is. Indeed, you can get quite long
chains of certificates, which can be checked automatically according to
whatever criteria you choose to apply. But ultimately it will depend on
one or more "root" certificates which had better be attached to real
people whose trustworthiness you will have to ascertain by non-digital
means.
>
> Of course, there is nothing to stop different certification authorities
> setting up different kinds of certification services - i.e. different
> implicit or explicit messages. For example, ABTA could set up a list of
> online travel agencies that are ABTA bonded, and use digital signatures to
> authenticate the digital statements (certificates) that say so. Again, the
> BMA could set up an online register of qualified doctors together with
> their current photographs, etc so that hospitals could check the
> credentials of applicants for jobs and again use digital signatures. If you
> believe ABTA and the BMA you can believe their certificates. These, and
> many more are *possible* *future* applications of digital signature
> technology, but current notions of (Key) Certification Authorities are only
> about keys. Period.
>
Yes, good examples of the sort of thing I mentioned. But the point is
that Public Key Infrastructures are now being designed to implement
models of that sort.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
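The chain of authorization certificates Lindsey describes (a root key trusted by non-digital means, intermediate grants that may or may not be passed on, a final holder key, the whole thing checked automatically against criteria you choose) is easy to state but worth seeing as working code. The following is an added example, not part of the original post and not SPKI's actual certificate format: a minimal Go model using ed25519 signatures in which the principals are keys rather than names. The byte layout of what gets signed, the slash-separated permission tags, the "no widening down the chain" rule, and the key names R, Z, X and W are all assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// AuthCert is an SPKI-style authorization certificate: "the holder of key
// Subject may perform Tag, says the holder of key Issuer". No names appear;
// the keys themselves are the principals. (Assumed format, not SPKI's own.)
type AuthCert struct {
	Issuer   ed25519.PublicKey
	Subject  ed25519.PublicKey
	Tag      string // hierarchical permission, e.g. "travel/bond/online"
	Delegate bool   // may Subject pass (a subset of) Tag on to others?
	Sig      []byte // Issuer's signature over tbs()
}

// tbs is the byte string the issuer signs. ed25519 keys are fixed 32 bytes,
// so plain concatenation is unambiguous; the variable-length tag goes last.
func (c AuthCert) tbs() []byte {
	var b bytes.Buffer
	b.Write(c.Issuer)
	b.Write(c.Subject)
	if c.Delegate {
		b.WriteByte(1)
	} else {
		b.WriteByte(0)
	}
	b.WriteString(c.Tag)
	return b.Bytes()
}

// NewCert has issuer sign a grant of tag to subject.
func NewCert(issuer ed25519.PrivateKey, subject ed25519.PublicKey, tag string, delegate bool) AuthCert {
	c := AuthCert{Issuer: issuer.Public().(ed25519.PublicKey), Subject: subject, Tag: tag, Delegate: delegate}
	c.Sig = ed25519.Sign(issuer, c.tbs())
	return c
}

// within reports whether permission narrow equals, or is a sub-permission of,
// wide. Each link in a chain may only narrow what it received.
func within(narrow, wide string) bool {
	return narrow == wide || strings.HasPrefix(narrow, wide+"/")
}

func isRoot(roots []ed25519.PublicKey, k ed25519.PublicKey) bool {
	for _, r := range roots {
		if bytes.Equal(r, k) {
			return true
		}
	}
	return false
}

// Authorized walks chain from a root trusted out-of-band down to holder and
// returns nil only if every link carries a valid signature by the previous
// link's subject, every link but the last permits delegation, and the
// permission never widens on the way down to the requested operation op.
func Authorized(roots []ed25519.PublicKey, chain []AuthCert, holder ed25519.PublicKey, op string) error {
	if len(chain) == 0 {
		return errors.New("empty chain")
	}
	if !isRoot(roots, chain[0].Issuer) {
		return errors.New("chain does not start at a trusted root key")
	}
	for i, c := range chain {
		if !ed25519.Verify(c.Issuer, c.tbs(), c.Sig) {
			return fmt.Errorf("cert %d: bad signature", i)
		}
		if i == 0 {
			continue
		}
		prev := chain[i-1]
		if !bytes.Equal(prev.Subject, c.Issuer) {
			return fmt.Errorf("cert %d: issuer is not the previous subject", i)
		}
		if !prev.Delegate {
			return fmt.Errorf("cert %d: previous link does not permit delegation", i)
		}
		if !within(c.Tag, prev.Tag) {
			return fmt.Errorf("cert %d: permission %q widens %q", i, c.Tag, prev.Tag)
		}
	}
	last := chain[len(chain)-1]
	if !bytes.Equal(last.Subject, holder) {
		return errors.New("chain does not end at the holder's key")
	}
	if !within(op, last.Tag) {
		return fmt.Errorf("operation %q not covered by %q", op, last.Tag)
	}
	return nil
}

// Scenario is constructed sample data: R is the root (trusted out of band),
// Z an intermediate allowed to delegate, X the final holder, W a bystander.
type Scenario struct {
	Roots            []ed25519.PublicKey
	Chain            []AuthCert // R -> Z -> X
	Holder, Stranger ed25519.PublicKey
	HolderPriv       ed25519.PrivateKey
}

func BuildScenario() (*Scenario, error) {
	rPub, rPriv, err1 := ed25519.GenerateKey(rand.Reader)
	zPub, zPriv, err2 := ed25519.GenerateKey(rand.Reader)
	xPub, xPriv, err3 := ed25519.GenerateKey(rand.Reader)
	wPub, _, err4 := ed25519.GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2, err3, err4); err != nil {
		return nil, err
	}
	return &Scenario{
		Roots: []ed25519.PublicKey{rPub},
		Chain: []AuthCert{
			NewCert(rPriv, zPub, "travel/bond", true),         // R: Z may bond agents and delegate
			NewCert(zPriv, xPub, "travel/bond/online", false), // Z: X is bonded for online trade only
		},
		Holder: xPub, HolderPriv: xPriv, Stranger: wPub,
	}, nil
}

func main() {
	s, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("X, travel/bond/online:", Authorized(s.Roots, s.Chain, s.Holder, "travel/bond/online"))
	fmt.Println("X, travel/bond (wider):", Authorized(s.Roots, s.Chain, s.Holder, "travel/bond"))
	fmt.Println("W with X's chain:", Authorized(s.Roots, s.Chain, s.Stranger, "travel/bond/online"))
	fmt.Println("no trusted roots:", Authorized(nil, s.Chain, s.Holder, "travel/bond/online"))
}
```

The point to notice is the last step Lindsey mentions: nothing in the chain itself tells you that R is trustworthy. `Roots` is an input the verifier supplies, and how R's key got onto that list is exactly the part that has to be settled by non-digital means. Everything after that (signature validity, who may delegate, that a grant never widens) is mechanical and, as he says, checkable against whatever criteria you choose.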