Certificate proposal

Jeff Weinstein jsw at netscape.com
Thu Oct 5 16:07:56 PDT 1995


Hal wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> (...WAY behind in cypherpunks mail...)
> 
> Carl Ellison <cme at TIS.COM> writes:
> >Let me propose an alternative unique name: the public key (or a good hash
> >of it).  The public key has an advantage over both X.509 and PGP names.
> >The binding between it and its human being is testable.  You can challenge
> >the human in question to sign something.
> 
> I don't understand this whole discussion.  A certificate is a signed
> binding of a key and a unique name, right?  If the proposal here is
> that the unique name be a hash of the key, you are suggesting a signed
> binding of a key with its hash!  What is the point of a certificate
> which binds a key to its hash?  What is such a certificate asserting?
> It seems to be saying nothing at all.  Anybody can already tell if a
> hash is right, for all the good that does you.  It's like a notarized
> statement that 2+2=4.  I don't see the point.  As Carl goes on to say:
> 
> >Assuming you use a public key as the unique name, you end up with a much
> >simplified certificate.  In fact, the notion of "certificate" may go away,
> >in the sense that the certificate binds a key to a person through a unique
> >name.  The person binds himself to his key, on challenge (or on any message
> >signature).
> 
> If in fact this is just a suggestion that we not have certificates, that
> may have some value.  But as a literal suggestion that certificates bind
> a key hash to a key, that just doesn't make sense to me.
> 
> The thing to keep in mind is, why do we want certificates?  Why not just
> use unsigned keys?  If I encrypt a message for Carl based on some key I
> found lying around somewhere which someone told me is his, and I send it
> to his mailbox, and I get a reply back, how secure is that?  We all know
> that you don't get the full security of the encryption if you do this.
> Man in the middle attacks might not be easy to do in such a situation but
> they are certainly possible.  It is such attacks that certificates (including
> PGP key signatures) are designed to prevent.
> 
> I'd like to see some grounding of this discussion in terms of the role of
> certificates, and ways to prevent man in the middle attacks.  I certainly
> have no love for fascist worldwide ID cards and hierarchical, organization
> based naming schemes, but just using any old key because it seems to work
> OK most of the time isn't going to fly IMO.

  I think the old idea of a certificate just binding a name and
a key is turning out to not be very useful.  That is why Netscape
Navigator 2.0 will support x509 version 3 certificates.  They allow
arbitrary attributes to be signed into a certificate.  In this new
world, you can think of a certificate as a way of binding a key with
various arbitrary attributes, one of which may be (but is not
required to be) a name.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
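The three positions in the thread, written out as an added Go example that is not part of the original message: Carl's key hash as the name plus a challenge to prove control, Hal's objection that a key-to-hash binding is self-verifiable and therefore asserts nothing, and Jeff's v3 picture of a certificate that signs an attribute to a key with no name at all. The role extension OID, the "role" attribute and every key here are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

// Hypothetical private-arc OID for the example's "role" attribute (not a registered OID).
var roleOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// KeyName is Carl's unique name, a hash of the key. Anyone can recompute it from the key
// alone, which is Hal's objection: a certificate binding a key to this hash asserts nothing.
func KeyName(pub ed25519.PublicKey) []byte { h := sha256.Sum256(pub); return h[:] }
// Carl's testable binding: the holder signs a verifier-chosen challenge. No certificate needed.
func ProveControl(priv ed25519.PrivateKey, challenge []byte) []byte { return ed25519.Sign(priv, challenge) }
func CheckControl(pub ed25519.PublicKey, challenge, sig []byte) bool { return ed25519.Verify(pub, challenge, sig) }

// IssueAttributeCert is Jeff's v3 picture: the issuer signs an attribute into the certificate,
// identifies the subject key by its hash, and gives the subject no name at all.
func IssueAttributeCert(issuer ed25519.PrivateKey, subject ed25519.PublicKey, role string) ([]byte, error) {
	attr, _ := asn1.Marshal(role) // DER-encodes the string; cannot fail for valid UTF-8 input
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		NotBefore:       time.Now().Add(-time.Hour),
		NotAfter:        time.Now().Add(24 * time.Hour),
		SubjectKeyId:    KeyName(subject), // Subject is left empty: the key hash identifies the subject
		ExtraExtensions: []pkix.Extension{{Id: roleOID, Value: attr}},
	}
	// tmpl doubles as parent (issuer name = the empty subject name); the signature is the issuer's.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, subject, issuer)
}

// RoleFromCert returns the attribute only if the certificate carries the trusted issuer's signature.
func RoleFromCert(der []byte, issuerPub ed25519.PublicKey) (role string, ok bool) {
	cert, err := x509.ParseCertificate(der)
	if err != nil || !ed25519.Verify(issuerPub, cert.RawTBSCertificate, cert.Signature) {
		return "", false // unparseable, or not signed by the issuer we trust
	}
	for _, e := range cert.Extensions {
		if e.Id.Equal(roleOID) {
			_, err = asn1.Unmarshal(e.Value, &role)
			return role, err == nil
		}
	}
	return "", false
}
```

Checking the certificate under a different issuer key rejects the attribute, which is the man-in-the-middle case Hal describes: the same key and hash, but no signature from a party the relier trusts.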
