WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (Nick Szabo)
Tue Oct 4 15:11:27 1994
From: szabo@netcom.com (Nick Szabo)
To: karl@cavebear.com
Date: Tue, 4 Oct 1994 05:05:31 -0700 (PDT)
Cc: hallam@dxal18.cern.ch, tmplee@MR.Net, www-security@ns1.rutgers.edu
In-Reply-To: <9410021932.AA03689@cavebear.com> from "Karl Auerbach" at Oct 2, 94 12:32:38 pm
Reply-To: szabo@netcom.com (Nick Szabo)

Karl Auerbach:
> Different people have different definitions of "security" and you
> might not be happy with the author's definition as embedded in his/her
> program/script even if you can prove you have an authentic copy.

It's important that certificates have a well defined and understood
scope. "This program has good security" is a possible certificate:
highly reputable security experts examine and sign off
a piece of important code, for example. "The person who controls
the corresponding private key is a good credit risk" is
another possible certificate: the person's public key, plus the
text of that claim, signed by a reputable credit agency. What's
important are the reputation and incentives of the signers, and the
specific claims they have made in the certificate they are signing.
If you don't agree with the certifier's definitions of security, or
good credit risk, or "identity", or whatever other claims they
might make, or you think they lack an incentive to be straightforward
about the claim, then (assuming the system hasn't been coerced by law)
you can reject those claims and ignore the certificate.

The digital signature mechanics simply indicate that we have
the same copy that was signed and that the person controlling the
corresponding private key(s) at the time signed it.
Any other imputation is a matter of judgement and contract, which
should and will often vary greatly between applications and industries.

The signer should make some statement about why they are signing
the document: what their signature is supposed to imply about
the document. Even if the claim is just "I am the author"
that claim should be specifically made, since there are many
other reasons to sign a document besides authorship. A signature
by itself indicates no particular claim. Sometimes there might
emerge default meanings, such as the "I'm the author" claim that
is assumed for PGP signed messages, and the default "XYZ is a
real person" cross-certification system for PGP signatures. There
are many other possible claims one could make, or desire
to be made, about messages and public keys.
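
The certificate described above, as an added example that is not part of the original post or of any product the thread discusses: a Go program (Ed25519 from the standard library) in which a certificate is the subject's public key plus the text and kind of a specific claim, signed by the issuer. The signature check establishes only that the issuer's key signed exactly that claim; whether to believe the claim is a separate policy decision that lists, per issuer, which kinds of claim the relying party accepts from them. The type and function names (Claim, TrustPolicy, Accept), the claim kinds and the keys are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is the explicit statement a signer makes about a public key. The
// claim text and its kind are signed together with the subject and issuer
// keys, so the signature covers exactly what is asserted and by whom.
type Claim struct {
	Subject []byte `json:"subject"` // public key the claim is about
	Kind    string `json:"kind"`    // machine-checkable claim type, e.g. "good-credit-risk"
	Text    string `json:"text"`    // the human-readable statement being signed
	Issuer  []byte `json:"issuer"`  // public key of whoever makes the claim
}

// Certificate binds a claim to the issuer's signature over it.
type Certificate struct {
	Claim Claim
	Sig   []byte
}

var (
	ErrBadSignature  = errors.New("signature does not verify against the issuer key")
	ErrNoClaim       = errors.New("signature carries no specific claim")
	ErrUnknownIssuer = errors.New("issuer is not trusted for anything")
	ErrOutOfScope    = errors.New("issuer is not trusted for this kind of claim")
)

// NewIssuer creates a fresh Ed25519 key pair (constructed for the example).
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// KeyID is how a relying party names an issuer key in its policy.
func KeyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// Sign produces a certificate: the serialised claim, signed by the issuer.
func Sign(priv ed25519.PrivateKey, c Claim) Certificate {
	msg, _ := json.Marshal(c) // marshalling this struct cannot fail
	return Certificate{Claim: c, Sig: ed25519.Sign(priv, msg)}
}

// VerifySignature establishes only what the mechanics can: that this exact
// claim was signed by whoever held the issuer's private key at the time.
func VerifySignature(cert Certificate) bool {
	if len(cert.Claim.Issuer) != ed25519.PublicKeySize {
		return false
	}
	msg, _ := json.Marshal(cert.Claim)
	return ed25519.Verify(ed25519.PublicKey(cert.Claim.Issuer), msg, cert.Sig)
}

// TrustPolicy records, per issuer key, which kinds of claim the relying
// party is willing to believe from them. Everything beyond the signature
// check (reputation, incentives, scope) lives here, not in the signature.
type TrustPolicy map[string][]string

// Accept decides whether to rely on a certificate: the signature must verify,
// the claim must be explicit, and the issuer must be trusted for that kind.
func (p TrustPolicy) Accept(cert Certificate) error {
	if !VerifySignature(cert) {
		return ErrBadSignature
	}
	if cert.Claim.Kind == "" {
		return ErrNoClaim // "look who signed this" is not a claim
	}
	kinds, ok := p[KeyID(cert.Claim.Issuer)]
	if !ok {
		return ErrUnknownIssuer
	}
	for _, k := range kinds {
		if k == cert.Claim.Kind {
			return nil
		}
	}
	return ErrOutOfScope
}

func main() {
	agencyPub, agencyPriv := NewIssuer() // a credit agency (constructed)
	subjectPub, _ := NewIssuer()          // the person whose key is certified

	// The relying party trusts the agency for credit claims and nothing else.
	policy := TrustPolicy{KeyID(agencyPub): {"good-credit-risk"}}

	credit := Sign(agencyPriv, Claim{Subject: subjectPub, Kind: "good-credit-risk",
		Text: "The holder of this key is a good credit risk.", Issuer: agencyPub})
	audit := Sign(agencyPriv, Claim{Subject: subjectPub, Kind: "audited-secure",
		Text: "This program has good security.", Issuer: agencyPub})
	bare := Sign(agencyPriv, Claim{Subject: subjectPub, Issuer: agencyPub})

	fmt.Println("credit claim:   ", policy.Accept(credit)) // accepted (<nil>)
	fmt.Println("security claim: ", policy.Accept(audit))  // out of scope
	fmt.Println("bare signature: ", policy.Accept(bare))   // no claim
}
```

The same agency key signs all three certificates, so the signature check passes for each; only the credit claim is accepted, because the policy says nothing about that issuer's competence in security auditing and a signature with no stated claim is rejected outright.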

It's dumb to be impressed by the existence of a signature,
when the signer lacks the knowledge and expertise needed to
make a strong claim. It's dumb to make a signature where
one lacks the knowledge and expertise to make the claim.
It's even worse to make or trust a signature that goes with no
specific claim at all, except the implied "look who signed this,
be impressed!"

Nick Szabo szabo@netcom.com