A crazy thought?

[Allen]

Jim Dixon wrote:

[snip]

> The CA certifies that X is your public key.  
________________________^^^^^^^^^

Who is you? That is the real question. To leave CAs out for the 
moment, imagine J. Doe and J. Doe, two different people, each put 
a public key on a server and you get a message created with a 
private key. You get the public key and validate it comes from 
one of the two J. Does. The question is who is the "real" J. Doe? 
Is one real and the other a repudiated key? Is one real and the 
other is trying to "steal" the identity of the other? Or is it 
simply that there are, indeed, two people with the same name?

Adding a CA merely adds one layer of obfuscation and opportunity 
for false certification.

> If the CA starts handing out false public keys - which is the worst
> that it could do, right? - it will find itself instantly distrusted.
> Everybody in the world will be able to see that the CA used its private
> key to sign a false statement.  

Will they? What evidence do you have that "proves" the 
certificate is bogus? Say that the person who is having his 
identity stolen for whatever purpose discovers that there is a 
second certificate with his name on it but a different public 
key, what can he do, yell loudly, "No, I'm the real me!" How do 
we know that it isn't someone who is trying to muddy the waters 
and that the certificate holder is the real person?

> The offended party need only put the
> false declaration up on the Web.

How many "The Boy Who Cried Wolf" cases would have to happen 
before we wouldn't trust *any* public key to represent who we 
think it does?

How will dissident groups keep from getting compromised when 
fighting oppression?

Best,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com