[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Private key possession
> From: Denis Pinkas <D.Pinkas@frcl.bull.fr>
> Topic: Private key possession.
> Let us take the following example:
> Alice wishes to apply for a patent today and for doing so signs the
> text of the patent using its private key, attach to it its certificate
> and send the two pieces to a patent office. When receiving the two
> pieces, the patent office would place a counter-signature from a
> Trusted Time Stamping Authority on the whole package so that one can
> make sure that the registration date is correct.
> Since Bob intercepted the message from Alice, the patent office did not
> received Alice's message at this time. Bob promptly asks to a CA
> located in Barracuda (in the Republic of Banana) to issue a certificate
> containing the same public key as Alice but with his name in it. For a
> reasonable fee the CA omits to verify the possession of the private key
> by the user before issuing the certificate. Thereafter Bob sends the
> intercepted signed text of the patent and replaces Alice's certificate
> by his new own certificate. When receiving the two pieces, the patent
> office places a counter-signature from a Trusted Time Stamping
> Authority on the whole package so that one can make sure that the
> registration date is correct.
> In such a scenario Bob would now the patent holder. If for some reason
> Alice re-sends her message it will be time-stamped after the message
> from Bob and she will not be recognized as the patent holder.
As you later hint, the problem here lies not with the CA not checking
the possession of the private key, but rather with the patent lodging
protocol. Such a protocol must obviously explicitly associate the
identity of the person lodging the patent with the text of the patent.
I don't think extra effort should be tolerated in the certification
stage in an attempt to protect from poor protocol design in applications !
Telstra Research Labs