1997-10-27 - Re: Laws recognizing digital signatures

Header Data

From: lutz@belenus.iks-jena.de (Lutz Donnerhacke)
To: cypherpunks@Algebra.COM
Message Hash: 75002d130eec9bd7bb20c3a398780d0ac5b4d255c4203760ca2356653b0ae9fb
Message ID: <slrn659t18.6ck.lutz@belenus.iks-jena.de>
Reply To: <3.0.3.32.19971026204052.006b547c@popd.ix.netcom.com>
UTC Datetime: 1997-10-27 20:11:55 UTC
Raw Date: Tue, 28 Oct 1997 04:11:55 +0800

Raw message

From: lutz@belenus.iks-jena.de (Lutz Donnerhacke)
Date: Tue, 28 Oct 1997 04:11:55 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Laws recognizing digital signatures
In-Reply-To: <3.0.3.32.19971026204052.006b547c@popd.ix.netcom.com>
Message-ID: <slrn659t18.6ck.lutz@belenus.iks-jena.de>
MIME-Version: 1.0
Content-Type: text/plain



* stewarts@ix.netcom.com wrote:
>The basic problem is 
>- Person Alice may have a key
>- Merchant Bob has an online store
>- Customer X presents Bob with a key K, certified by CA Charlie,
>	claiming that she's Alice, K is Alice's key,
>	and downloads the merchandise from Bob.
>- Alice says it wasn't her and refuses to pay Bob the bill.
>
>So who gets stuck with the bill?  Alice?  Bob?  Charlie?

Bob asks Charlie, who is really behind K. Charlie must be able to point to
Alice. If he can't do that, Bob will sue him. (Like any customer fooled by a
McLain control signed and certified by Verisign, which revoke the
certificate due to a request from Microsoft.)

Alice is responsible for her key K. If X can fool Bob, he has access to the
secret part of K, so the problem goes to Alice. Alice can inform Charlie for
revoking the certificate. If she did this, the problem went to Charlie. If
he updated his public database, the problem went to Bob. If Bob did non
check nor get a real timestamp (I.e. eternity logfile), he has lost.
Otherwise he lost, because he knew, that Alice's key was comprimised before
delivery.






Thread