Re: Proxy/Representation?
At 10:46 AM 12/28/95 -0500, perry@piermont.com wrote:
"David E. Smith" writes:
The question is: how do the current software packages handle representatives and proxies for a given is-a-person? Using PGP as an example, I can't sign a message with Helen's key. Nor should you be able to, actually. And I can't :)
The right way to do this in the digital world, IMHO, is to have a standard for "Power of Attorney" documents, and for the entity receiving something signed in your key that should be signed in another person's key to also see the digitally signed power of attorney document. Then the entity can check the signature on the power of attorney was in Helen's key, and that the signed key in that document was the key that signed the document signed by the "attorney". That's more of what I was looking for. I suppose that (I'm still using PGP as my example) there could be a shared PGP key, signed by Helen and myself, where only the two of us know the passphrase, with a keyid of "David Smith <dsmith@midwest.net> on behalf of Helen Jones <helen@devnull.org>" or something similar. The obvious problem is that in sharing the pass phrase the security is weakened. (Paranoid threat model: at some point we have to decide on the pass phrase, and we are videotaped/bugged/spied upon while this takes place.)
dave ----- David E. Smith, c/o Southeast Missouri State University 1210 Towers South, Cape Girardeau MO USA 63701-4745, +1(573)339-3814 PGP ID 0x92732139, homepage http://www.midwest.net/scribers/dsmith/ Dec15-Jan15: (618)244-3340/2209 Perkins, Mt Vernon IL 62864
"David E. Smith" writes:
That's more of what I was looking for. I suppose that (I'm still using PGP as my example) there could be a shared PGP key, signed by Helen and myself, where only the two of us know the passphrase, with a keyid of "David Smith <dsmith@midwest.net> on behalf of Helen Jones <helen@devnull.org>" or something similar. The obvious problem is that in sharing the pass phrase the security is weakened. (Paranoid threat model: at some point we have to decide on the pass phrase, and we are videotaped/bugged/spied upon while this takes place.)
Why bother with the shared key? You need a message from Helen describing the powers with which you are invested, signed by her key. The wonderful thing about data is that copying it is virtually free. When you issue an order on her behalf, include a copy of the signed PoA, and sign the whole thing with your key.
"David E. Smith" writes:
The right way to do this in the digital world, IMHO, is to have a standard for "Power of Attorney" documents, and for the entity receiving something signed in your key that should be signed in another person's key to also see the digitally signed power of attorney document. Then the entity can check the signature on the power of attorney was in Helen's key, and that the signed key in that document was the key that signed the document signed by the "attorney".
That's more of what I was looking for. I suppose that (I'm still using PGP as my example) there could be a shared PGP key, signed by Helen and myself, where only the two of us know the passphrase,
Huh? Why? Why would you need such a thing? If you reread what I wrote above, you would see that such a thing is completely unneeded. Perry
-----BEGIN PGP SIGNED MESSAGE----- Hello "David E. Smith" <dsmith@midwest.net> and cypherpunks@toad.com and "Perry E. Metzger" <perry@piermont.com> PEM wrote:
"David E. Smith" writes: ...[about power of attorney and PGP, reply-to-reply]...
standard for "Power of Attorney" documents, and for the entity receiving something signed in your key that should be signed in another person's key to also see the digitally signed power of ... That's more of what I was looking for. I suppose that (I'm still using PGP as my example) there could be a shared PGP key, signed by Helen and myself, where only the two of us know the passphrase,
I don't think that's what was intended. If I understood: There'd be a document (hereinafter PoA) signed by Helen which would say "This is a PoA appointing Dave, PGP key X fingerprint Y, to do A, B, C on my behalf #include<lawyerspeak.h>". Then, when signing, Dave would sign with his own key X, making sure that every document has "p.p. Helen" at the end. The recipient checks Dave's signature on the document and Helen's signature on the PoA.
Huh? Why? Why would you need [a separate key]? ...
Many automatic systems will assume that a key can only sign for one person (though each person may have several keys). Therefore, it'll confuse "Dave" and "pp. Helen". The RISKS are obvious. To avoid such confusion, Dave should create a separate key with the key ID "Dave pp. Helen" (or similar). However, Helen doesn't need to (shouldn't) know that key! This is Dave's key, created by Dave for Dave's use while he is agent for Helen. Helen would probably sign this key, but doesn't need to since the PoA has the f'print. In fact, you don't want Helen to know it, so that if Dave oversteps his authority she can prove that it was him not her. Ie if Helen finds out the key, Dave should revoke it. Hope that makes sense... Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMOoi4CxV6mvvBgf5AQGUJwP/fUPQgzYrbAuGGC8Q4ha8zNNoiAJVU3Rw /mAZbPtG6OQsoFal3xKtsquilXuCsj40btJc2XaTNL7adcKAN+0ZNwYgCHC5C8Yc zzgTwCSdnb9t8RY6vcZeIcXixboF1BKGtqSyzICJfd7yHNJWrh0YfUzTSPVD6jXC kOl7JNurEFY= =a/TW -----END PGP SIGNATURE-----
On Wed, 03 Jan 1996 17:32:59 +1100 (EST), jirib@cs.monash.edu.au wrote:
To avoid such confusion, Dave should create a separate key with the key ID "Dave pp. Helen" (or similar). However, Helen doesn't need to (shouldn't) know that key! This is Dave's key, created by Dave for Dave's use while he is agent for Helen. Helen would probably sign this key, but doesn't need to since the PoA has the f'print.
In fact, you don't want Helen to know it, so that if Dave oversteps his authority she can prove that it was him not her. Ie if Helen finds out the key, Dave should revoke it.
There is also something to be said for Helen having a copy of the revocation certificate for the key. If Helen believes Dave has or is likely to overstep his authority, she could then essentially revoke the power of attorney by revoking the "Dave pp. Helen" key.
participants (5)
-
David E. Smith -
Jiri Baum -
lull@acm.org -
Perry E. Metzger -
Scott Brickner