-----BEGIN PGP SIGNED MESSAGE----- (...WAY behind in cypherpunks mail...) Carl Ellison <cme@TIS.COM> writes:
Let me propose an alternative unique name: the public key (or a good hash of it). The public key has an advantage over both X.509 and PGP names. The binding between it and its human being is testable. You can challenge the human in question to sign something.
I don't understand this whole discussion. A certificate is a signed binding of a key and a unique name, right? If the proposal here is that the unique name be a hash of the key, you are suggesting a signed binding of a key with its hash! What is the point of a certificate which binds a key to its hash? What is such a certificate asserting? It seems to be saying nothing at all. Anybody can already tell if a hash is right, for all the good that does you. It's like a notarized statement that 2+2=4. I don't see the point. As Carl goes on to say:
Assuming you use a public key as the unique name, you end up with a much simplified certificate. In fact, the notion of "certificate" may go away, in the sense that the certificate binds a key to a person through a unique name. The person binds himself to his key, on challenge (or on any message signature).
If in fact this is just a suggestion that we not have certificates, that may have some value. But as a literal suggestion that certificates bind a key hash to a key, that just doesn't make sense to me. The thing to keep in mind is, why do we want certificates? Why not just use unsigned keys? If I encrypt a message for Carl based on some key I found lying around somewhere which someone told me is his, and I send it to his mailbox, and I get a reply back, how secure is that? We all know that you don't get the full security of the encryption if you do this. Man in the middle attacks might not be easy to do in such a situation but they are certainly possible. It is such attacks that certificates (including PGP key signatures) are designed to prevent. I'd like to see some grounding of this discussion in terms of the role of certificates, and ways to prevent man in the middle attacks. I certainly have no love for facist worldwide ID cards and hierarchical, organization based naming schemes, but just using any old key because it seems to work OK most of the time isn't going to fly IMO. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBMHQw5BnMLJtOy9MBAQEDFQIAxvq8EC5zBMvUYGjwMUb2LDy/kt0gP19Z S8BY+fxswuQCIqyet6WqddtVNyBE6QlO7XTTOX5RtZvMLHLN0YVp3A== =Bq7+ -----END PGP SIGNATURE-----