EU Draft Digital Signature Directive

Nicholas Bohm nbohm at ernest.net
Fri, 28 Aug 1998 18:29:48 +0100


At 11:43 AM 8/28/98 +0100, Charles Lindsey wrote:
>	On Thu, 27 Aug 1998 17:15:58 +0100
>	Denis.Russell@ncl.ac.uk said...
>
>> At the risk of boring folk with a lengthy agreement with Brian Gladman that
>> I thought wasn't necessary, this is the point I was trying to make
>> concerning my comments on interpreting what an entry in a public directory
>> tells you.
>> 
>> The technology of digital signatures gives a method of showing to a high
>> degree of certainty that something with x's digital signature was actually
>> signed by x. (There are all the usual caveats that x has obeyed the right
>> procedures and that her key has not been compromised by Tempest
>> eavesdropping, cracking with secret quantum mechanical computers,
>> blackmail, seduction etc, etc, but let's accept these threats as fairly
>> small. The rest of this depends on the assumption that digital signatures
>> work to a high degree of reliability.)
>
>No, that is the old perception of what a digital signature means. The
>world is moving on (see SPKI, and also some hooks in the open-pgp
>draft).
>
>There are various kinds of certificate. There is the one that certifies
>"Key X belongs to individual Y - certified by CA Z". That is the
>classical one, and it is still the appropriate one for many purposes.
>Essentially, it extends whatever trust you have in Z to the individual Y
>(modulo whatever fancy formula you choose to use to calculate trust).

Surely not:  if the Post Office says "This key belongs to Y", I may trust
this statement without trusting Y at all.  And all the Post Office can say
is "We have followed certain procedures which suggest firmly that a person
has access to the private key corresponding to this key and has the
following attributes: ..."  This cannot show that no other person has
access to the private key, and for that you have to trust Y, or throw legal
burdens on him which make it his risk.

[snip]

	Regards,

		Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 870285	(+44 1279 870285)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF