Jim Dixon wrote:
[snip]
The CA certifies that X is your public key.
________________________^^^^^^^^^
Who is you? That is the real question. To leave CAs out for the
moment, imagine J. Doe and J. Doe, two different people, each put
a public key on a server and you get a message created with a
private key. You get the public key and validate it comes from
one of the two J. Does. The question is who is the "real" J. Doe?
Is one real and the other a repudiated key? Is one real and the
other is trying to "steal" the identity of the other? Or is it
simply that there are, indeed, two people with the same name?
Adding a CA merely adds one layer of obfuscation and opportunity
for false certification.
If the CA starts handing out false public keys - which is the worst
that it could do, right? - it will find itself instantly distrusted.
Everybody in the world will be able to see that the CA used its private
key to sign a false statement.
Will they? What evidence do you have that "proves" the
certificate is bogus? Say that the person who is having his
identity stolen for whatever purpose discovers that there is a
second certificate with his name on it but a different public
key, what can he do, yell loudly, "No, I'm the real me!" How do
we know that it isn't someone who is trying to muddy the waters
and that the certificate holder is the real person?
The offended party need only put the
false declaration up on the Web.
How many "The Boy Who Cried Wolf" cases would have to happen
before we wouldn't trust *any* public key to represent who we
think it does?
How will dissident groups keep from getting compromised when
fighting oppression?
Best,
Allen
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
