1995-12-29 - Re: Proxy/Representation?

Header Data

From: Scott Brickner <sjb@universe.digex.net>
To: “David E. Smith” <dsmith@midwest.net>
Message Hash: 63def72609cc37263687712b4b91eeb2d0cd304dceb50d596a23d9c42b759e22
Message ID: <199512291752.MAA11504@universe.digex.net>
Reply To: <199512290017.SAA00619@cdale1.midwest.net>
UTC Datetime: 1995-12-29 22:51:13 UTC
Raw Date: Sat, 30 Dec 1995 06:51:13 +0800

Raw message

From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 30 Dec 1995 06:51:13 +0800
To: "David E. Smith" <dsmith@midwest.net>
Subject: Re: Proxy/Representation?
In-Reply-To: <199512290017.SAA00619@cdale1.midwest.net>
Message-ID: <199512291752.MAA11504@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain

"David E. Smith" writes:
>That's more of what I was looking for.  I suppose that (I'm still using
>PGP as my example) there could be a shared PGP key, signed by Helen and
>myself, where only the two of us know the passphrase, with a keyid of
>"David Smith <dsmith@midwest.net> on behalf of Helen Jones <helen@devnull.org>"
>or something similar.  The obvious problem is that in sharing the pass
>phrase the security is weakened.  (Paranoid threat model: at some point
>we have to decide on the pass phrase, and we are videotaped/bugged/spied
>upon while this takes place.)

Why bother with the shared key?  You need a message from Helen describing
the powers with which you are invested, signed by her key.  The wonderful
thing about data is that copying it is virtually free.  When you issue an 
order on her behalf, include a copy of the signed PoA, and sign the whole
thing with your key.