From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: c9bfa7ecf8efc6767b2900ceff9af7f66f6c4e1c1154ba06a873d090dabc4d43
Message ID: <3074646C.2418@netscape.com>
Reply To: <9510021553.AA13756@tis.com>
UTC Datetime: 1995-10-05 23:07:56 UTC
Raw Date: Thu, 5 Oct 95 16:07:56 PDT
Subject: Re: Certificate proposal
Hal wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> (...WAY behind in cypherpunks mail...)
>
> Carl Ellison <cme@TIS.COM> writes:
> >Let me propose an alternative unique name: the public key (or a good hash
> >of it). The public key has an advantage over both X.509 and PGP names.
> >The binding between it and its human being is testable. You can challenge
> >the human in question to sign something.
>
> I don't understand this whole discussion. A certificate is a signed
> binding of a key and a unique name, right? If the proposal here is
> that the unique name be a hash of the key, you are suggesting a signed
> binding of a key with its hash! What is the point of a certificate
> which binds a key to its hash? What is such a certificate asserting?
> It seems to be saying nothing at all. Anybody can already tell if a
> hash is right, for all the good that does you. It's like a notarized
> statement that 2+2=4. I don't see the point. As Carl goes on to say:
>
> >Assuming you use a public key as the unique name, you end up with a much
> >simplified certificate. In fact, the notion of "certificate" may go away,
> >in the sense that the certificate binds a key to a person through a unique
> >name. The person binds himself to his key, on challenge (or on any message
> >signature).
>
> If in fact this is just a suggestion that we not have certificates, that
> may have some value. But as a literal suggestion that certificates bind
> a key hash to a key, that just doesn't make sense to me.
>
> The thing to keep in mind is, why do we want certificates? Why not just
> use unsigned keys? If I encrypt a message for Carl based on some key I
> found lying around somewhere which someone told me is his, and I send it
> to his mailbox, and I get a reply back, how secure is that? We all know
> that you don't get the full security of the encryption if you do this.
> Man in the middle attacks might not be easy to do in such a situation but
> they are certainly possible. It is such attacks that certificates (including
> PGP key signatures) are designed to prevent.
>
> I'd like to see some grounding of this discussion in terms of the role of
> certificates, and ways to prevent man in the middle attacks. I certainly
> have no love for fascist worldwide ID cards and hierarchical, organization
> based naming schemes, but just using any old key because it seems to work
> OK most of the time isn't going to fly IMO.

I think the old idea of a certificate just binding a name and
a key is turning out to not be very useful. That is why Netscape
Navigator 2.0 will support x509 version 3 certificates. They allow
arbitrary attributes to be signed into a certificate. In this new
world, you can think of a certificate as a way of binding a key with
various arbitrary attributes, one of which may be (but is not
required to be) a name.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.