[611] in WWW Security List Archive
Re: Netscape Changes RSA tree
daemon@ATHENA.MIT.EDU (wcs@anchor.ho.att.com)
Sat Apr 22 07:58:10 1995
From: wcs@anchor.ho.att.com
Date: Sat, 22 Apr 95 01:08:27 PDT
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> From: Taher Elgamal <elgamal@netscape.com>
...
> I think we are mixing a certificate with a digital signature. A
> certificate is a proof of identity attached to the use of a public key.
...
> I believe that we will need multiple levels of trust for certificates,
> a hierarchy, however, is a convenient method of verifying the trust
> level associated with a particular certificate.
One of the problems with RSADSI's style of certificates is that
they're inherently hierarchical, which means you need to trust
the structure designed by the people at the top for certification,
and tree-shaped chains of identification need to be adequate.
The PGP Web-of-Trust model is more general, and hierarchies are
a special case of it, so if you've got web-of-trust support in your software,
it'll work just as well for certificates from a certificate company,
military ID cards, anarchist collectives, or your anti-nuclear group.
Nobody needs permission from anybody's organization, and you can
build any structure into it that you want; all you need to use it
are reliably-known keys from somebody well-connected, whether you
view that person as being on the top or merely in the middle.
Hierarchical certification is often not appropriate.
Generality is good, and it's not much harder than hierarchy,
and it's a much better thing to build into a tool that will
be widely used.
In the case of Web page forms, often what you want security for
is credit card numbers, so certification from a bank is appropriate,
and maybe that bank's key is certified with a key printed on the
back of your credit card and on all your credit card bills.
On the other hand, if you're trying to pass around information
on the Loud Raves Calendar, maybe you want to certify that
the person asking for the location is a friend of a friend.
Or maybe your religion / secret society wants to put out a web page
for members only, with an MPEG of the secret handshake - for some
groups hierarchical is fine (your certificate is signed by your
priest, who's signed by the bishop, who's signed by the Pope),
but for other groups it's really not, and maybe you need
multiple signatures from different people before it's valid.
Or maybe to take over the nuclear button when the President's not
around you need signatures from Congress, the Army, and Al Haig.
Bill Stewart
