Certificate proposal

Bob Smart smart at mel.dit.csiro.au
Sat Oct 7 05:23:45 PDT 1995


The key-centric scheme is not inconsistent with the use of names. Universal
names are useful in directories and private names are useful ways for
individuals to name public keys that are important. The key-centric view 
is not name-free. The difference is just this: Are attributes attached 
to keys or names?

In any public key system, however long your certificate chain at the
end of that chain there has to be a public key you trust. It can't be
a name it has to be a key. So even the most name-centric system has
a key-centric core. 

 > >1. We go through some process, let's call it Process A, where we determine
 > >   that we want to talk to IP address 192.9.8.7.
 > 
 > This would be, say, a DNS lookup on www.egghead.com.

That picks a process where there is no significant difference. But 
consider another common case. We are running a server that accepts
connections from anyone. We get a connect packet from 192.9.8.7. So
that is how we determine that we want to talk to 192.9.8.7: in order
to serve it.

In the standard view we now do a reverse lookup to get a name then
go to the DNS again to get the public key associated with that name.
And yet we don't care who we are talking to, and we don't need or
want to have to work out whether we trust the certificate. There was 
no reason why we couldn't have just had a secure conversation without 
ever doing any directory lookups.

I have seen it asserted that we would never want to have a secure 
conversation with someone when we don't know who they are. I strongly 
disagree with that. Suppose in our example that our server sells 
alcohol in exchange for digital cash:

 a. We want the sequence of packets from our purchaser to be authenticated.
    We don't want some humourist doubling the order or otherwise
    corrupting it.

 b. The purchaser is entitled to a private (encrypted) conversation.
    For example maybe he is Islamic and doesn't want to his religious
    bretheren on his ethernet to know about his alcohol purchases.

Now another aspect is that you need to be over 18 to buy alcohol
[in Australia]. So the purchaser has to present a certificate signed
by the appropriate authority saying that the owner of the public key
is over 18. But note that in the key-centric world the liquor seller
doesn't have to know who the purchaser is. The certificate that says
you are over 18 is a separate thing, not mixed up in an X.509 v3
certificate that also has your name, address and sexual preference.

So a question: you are the liquor seller. How do you want the information
about the "appropriate authority" that signs those "over 18" certificates? 
Do you want a name that can give you an X.509 certificate and a certificate 
chain from a directory service? Or do you think you should get hold of the
public key yourself in some way that gives you real confidence?

Bob Smart






More information about the cypherpunks-legacy mailing list