Proxy/Representation?
Caveat: I haven't yet looked through the archives, and it's late. This may sound even less intelligent than most of what's on the list as of late (although what with the flamewars about I'm not sure if that's possible). Today I made a purchase at a local store using a personal check that wasn't mine. It very clearly wasn't mine (since the name on the check was Helen and mine is Dave), but I am a duly appointed representative of Helen in certain affairs. Including this one, which was <blush> grocery shopping </blush>. (There are also other affairs, some with actual legal consequences, and there is paperwork to that effect in a lawyer's safe somewhere.) The question is: how do the current software packages handle representatives and proxies for a given is-a-person? Using PGP as an example, I can't sign a message with Helen's key. And a message signed with my key won't hold as much weight because "Dave" is not "Helen." And if every message I send on behalf of Helen has to be followed up by a message from Helen stating "yes, Dave may act on my behalf for this instance" then much of the point of the proxy process is lost. (i.e. the reduction of Helen's workload etc.) I'm sure that this has already popped up, so I'll just ask for pointers. dave ----- David E. Smith, c/o Southeast Missouri State University 1210 Towers South, Cape Girardeau MO USA 63701-4745, +1(573)339-3814 PGP ID 0x92732139, homepage http://www.midwest.net/scribers/dsmith/ Dec15-Jan15: (618)244-3340/2209 Perkins, Mt Vernon IL 62864
"David E. Smith" writes:
The question is: how do the current software packages handle representatives and proxies for a given is-a-person? Using PGP as an example, I can't sign a message with Helen's key.
Nor should you be able to, actually. When you sign a document on behalf of another and have "Power of Attorney" in the paper world, you sign your own name and indicate that you are signing on behalf of another, as in "David Smith for Helen Smith". The right way to do this in the digital world, IMHO, is to have a standard for "Power of Attorney" documents, and for the entity receiving something signed in your key that should be signed in another person's key to also see the digitally signed power of attorney document. Then the entity can check the signature on the power of attorney was in Helen's key, and that the signed key in that document was the key that signed the document signed by the "attorney".
I'm sure that this has already popped up, so I'll just ask for pointers.
Actually, I haven't seen it mentioned before -- its only a subset of other problems, though, like transient keys signed by longer term keys. There should be some standardization in formats to handle this. Perry
David E. Smith wrote:
The question is: how do the current software packages handle representatives and proxies for a given is-a-person? Using PGP as an example, I can't sign a message with Helen's key. And a message signed with my key won't hold as much weight because "Dave" is not "Helen." And if every message I send on behalf of Helen has to be followed up by a message from Helen stating "yes, Dave may act on my behalf for this instance" then much of the point of the proxy process is lost. (i.e. the reduction of Helen's workload etc.)
I would think a power-of-attorney, signed by Helen, would do the trick. This would normally be valid for some pre-defined period, for a pre-defined set of transactions, and would not have to be generated anew each time.
participants (3)
-
David E. Smith -
lull@acm.org -
Perry E. Metzger