[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: multiple digitale signatures

To: 'Sönke Maseberg' <maseberg@xxxxxxxxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: multiple digitale signatures
From: "Bland, Graham" <Graham.Bland@xxxxxxxxxxxxxxx>
Date: Wed, 21 Feb 2001 14:08:43 -0000

Sonke,

I think we have a fundamental philosophical disagreement.
A CA is responsible for the certificates it issues only according to the
clauses it places in its CPS.  It does not necessarily know the business
purposes to which the certificates will be put For example there is a great
difference in my use of a certificate to sign a $100 million contract
opposed to its use to secure possibly embarrassing valentines emails to my
wife.
The CA does not know, has no interest in knowing and has no responsibility
for the use to which the certificate is put.  As such it is not a competent
agency to determine if it should revoke my certificate, it may only respond
to my request for revocation.

The other problem is that I just do not believe that when prudence is used
to select established algorithms that have been subject to review and
cryptanalysis such algorithms are suddenly compromised.  However even
established algorithms will become weaker over time due if nothing else but
Moores law.
While your model works in the first case which I believe will not happen, it
does not work in the second case which I know will.


Graham Bland


-----Original Message-----
From: Sönke Maseberg [mailto:maseberg@xxxxxxxxxxxxxxxx]
Sent: 21 February 2001 10:03
To: Graham.Bland@xxxxxxxxxxxxxxx; ietf-pkix@xxxxxxx
Subject: RE: multiple digitale signatures


Graham,

we are working at the problems if a signature algorithm is compromised
suddenly without any time to change the algorithm parameters, keys oder
key lengths. IMO the CA is responsible for the certificates of the CHs.
If now a failure occurs, the shocked certificates have to be revoked.
The idea is to revoke the certificates not explicitly but implicitly
through the revocation of the used signature algorithms. The benefit
would be a shorter CRL, and the benefit grows up if many CHs are
involved.

I agree that for multiple digital signatures different signature
algorithms have to be used with independent components like hash
algorithm and independent basic mathematical problems. The use of
multiple digital signatures is optional in relation to the specific
application: In authentication applications it makes less sense. But the
signatures in e.g. e-government have to be proofable for many years.

Sönke

_______________________________________________________________________

This message is confidential and is intended for the addressee only;
unless clearly stated that this disclaimer should not apply, this 
e-mail is not intended to create legally binding commitments on 
behalf of any company in the British Interactive Broadcasting 
Holdings Limited group,  nor do its contents reflect the corporate 
views or policies of any such company. Any unauthorised disclosure, 
use or dissemination, either whole or partial, is prohibited. If you 
are not the intended recipient of the message, please notify the
sender immediately.
_______________________________________________________________________

Follow-Ups:
- Re: multiple digitale signatures
  - From: Sönke Maseberg

Prev by Date: RE: Open Issue in Part1: path length constraints
Next by Date: cRLIssuer vs. distributionPoint
Previous by thread: RE: multiple digitale signatures
Next by thread: Re: multiple digitale signatures
Index(es):
- Date
- Thread