At 10:46 AM 12/28/95 -0500, perry@piermont.com wrote:
> "David E. Smith" writes:
> > The question is: how do the current software packages handle representatives and proxies for a given is-a-person? Using PGP as an example, I can't sign a message with Helen's key.
>
> Nor should you be able to, actually.

And I can't :)

> The right way to do this in the digital world, IMHO, is to have a standard for "Power of Attorney" documents, and for the entity receiving something signed in your key that should be signed in another person's key to also see the digitally signed power of attorney document. Then the entity can check the signature on the power of attorney was in Helen's key, and that the signed key in that document was the key that signed the document signed by the "attorney".

That's more of what I was looking for. I suppose that (I'm still using PGP as my example) there could be a shared PGP key, signed by Helen and myself, where only the two of us know the passphrase, with a keyid of "David Smith <dsmith@midwest.net> on behalf of Helen Jones <helen@devnull.org>" or something similar.

The obvious problem is that in sharing the pass phrase the security is weakened. (Paranoid threat model: at some point we have to decide on the pass phrase, and we are videotaped/bugged/spied upon while this takes place.)

dave
-----
David E. Smith, c/o Southeast Missouri State University
1210 Towers South, Cape Girardeau MO USA 63701-4745, +1(573)339-3814
PGP ID 0x92732139, homepage http://www.midwest.net/scribers/dsmith/
Dec15-Jan15: (618)244-3340/2209 Perkins, Mt Vernon IL 62864
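
The two-step check described in the quoted reply (the power of attorney is signed by Helen's key, and the key it names is the one that signed the message), as an added example that is not part of the original message. Toy textbook RSA over Mersenne primes stands in for PGP signatures and is not secure; the JSON grant layout, the function names and the expiry field are assumptions made for illustration.

```python
import hashlib
import json

# Toy textbook-RSA keys built from Mersenne primes stand in for PGP keys.
# NOT secure: small moduli, no padding. Illustration only.
def make_key(p_exp, q_exp, e=65537):
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def make_poa(principal_key, principal, attorney, attorney_pub, expires):
    """Principal signs a grant that names the attorney's public key."""
    body = json.dumps({"principal": principal, "attorney": attorney,
                       "attorney_key": attorney_pub, "expires": expires},
                      sort_keys=True).encode()
    return {"body": body, "sig": sign(principal_key, body)}

def verify_on_behalf(message, msg_sig, poa, principal_pub, today):
    """Return the attorney's name if the message is validly signed on the
    principal's behalf, else None."""
    # 1. The power of attorney must carry the principal's signature.
    if not verify(principal_pub, poa["body"], poa["sig"]):
        return None
    grant = json.loads(poa["body"])
    # 2. Assumed extra check: the grant has not expired (ISO dates sort as text).
    if today > grant["expires"]:
        return None
    # 3. The key named in the grant must be the key that signed the message.
    if not verify(grant["attorney_key"], message, msg_sig):
        return None
    return grant["attorney"]

# Constructed sample keys: principal, attorney, and an unrelated third party.
HELEN, DAVID, MALLORY = make_key(89, 107), make_key(61, 127), make_key(31, 127)
```

Unlike the shared-key approach, neither party ever learns the other's passphrase: Helen signs only the grant, and the attorney signs only with his own key.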