From: lull@acm.org (John Lull)
Date: Wed, 3 Jan 1996 21:08:08 +0800
To: jirib@cs.monash.edu.au
Subject: Re: Proxy/Representation?
In-Reply-To: <199601030633.RAA16556@sweeney.cs.monash.edu.au>
Message-ID: <30ea3076.11971382@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 03 Jan 1996 17:32:59 +1100 (EST), jirib@cs.monash.edu.au
wrote:

> To avoid such confusion, Dave should create a separate key with 
> the key ID "Dave pp. Helen" (or similar). However, Helen doesn't need
> to (shouldn't) know that key! This is Dave's key, created by Dave
> for Dave's use while he is agent for Helen. Helen would probably
> sign this key, but doesn't need to since the PoA has the f'print.
> 
> In fact, you don't want Helen to know it, so that if Dave oversteps
> his authority she can prove that it was him not her. Ie if Helen finds
> out the key, Dave should revoke it.

There is also something to be said for Helen having a copy of the
revocation certificate for the key.  If Helen believes Dave has or is
likely to overstep his authority, she could then essentially revoke
the power of attorney by revoking the "Dave pp. Helen" key.