Re: [IETF-PKIX] Multiple certificates for same key?
Tony,
You've raised some good issues, and the question of a pure "identity"
certificate vs. one which contains additional attributes has been hotly
debated, especially on the SPKI list.
Since a common name is not sufficient to identify an individual in a globally
unambiguous way (something that is at least thought to be desirable in order to
facilitate global electronic commerce), some form of additional name
qualification is required.
Whether that involves the use of an organization name or a residential address,
I would argue that there are at least subtle implications of "rights" that may be
involved, whether we in the technical community intended that or not.
For example, although it might not be reasonable to assume that someone who
is issued a certificate containing the name of corporation XYZ is an agent (e.g.,
a purchasing agent) for that company, at least in the US there is a doctrine of
implied agency. That is, if it walks like a duck, quacks like a duck, and is ordering
duck food, it probably is a purchasing agent -- or at least the relying party may be
entitled to believe so. Obviously if someone has a certificate issued by XYZ Corp.
and is requesting a dozen pencils to be shipped to XYZ, they are more likely to be
believed than if the pencils were to be shipped to ABC Corp.
Likewise, there are subtle implications that may be associated with someone's
residential address. For example, if I am going to send out (spam) invitations to
visit my off-shore or Indian reservation gambling casino, I might not want to send
it to residents of states which ban such gambling. And likewise, if I were inclined
to make available for downloading from my web site in San Francisco certain
pictures that shall we say might be in questionable taste, I probably wouldn't
want to allow residents of states such as Utah and Tennessee to access such
images, for people have been convicted for violating those states' local standards
as to what constitutes pornography or indecent material.
Without getting metaphysical about it, the point is that the only available "attributes"
that can reasonably be used to differentiate between two individuals with the
same name also have other societal implications that may be both inescapable
and difficult to predict in advance, as it may in fact depend on the whim of some local
legislatures, rather than any bright-line legal principles.
In other words, as a bumper sticker on a water treatment truck I saw recently
said, "E coli happens."
Bob
>
>>>> Tony Bartoletti <azb@llnl.gov> 03/03 8:10 PM >>>
>I am not a lawyer, and I don't claim to appreciate fully the legal issues
>surrounding a CA and their obligations, in either general or specific cases.
>
>The arguments put forth in deprecating multiple (independent) certification
>of a single keypair are reasonable, but I point out that they belie the
>purported nature of X.509 certificates as "identity certificates" (that is,
>to bind the key simply to a warm body able to appear in court.) Rather, they
>become attribute certificates, attesting to (say) primary residence, not so
>much for distinguishing among similarly named individuals but now assuming
>a free standing legal significance. The certificate no longer attests only
>that a given document was signed by me, it can now be used as evidence that
>I reside at location X, *independent* of my use of the key at all. While I
>can appreciate the utility of such usage, I question where the boundaries lie.
>
>Allowing independent certifications on a single key can be compared to the
>use of both a "Diner's Club" card, and an "Auto Club" card. If stranded
>in a broken car, the tow truck operator will be uninterested in my Diner's
>Club card, whether valid or not. They want my Auto Club card, and want to
>be assured that it is considered to be in effect at the time of transaction.
>
>True, a key compromise on one should affect all certificates over that key.
>If one certificate is not revoked, but should have been, it could just as
>easily be the certificate appropriate to the transaction as the one not.
>
>I wonder if the central issue is primarily one of protocol. The RP must
>(somehow) obtain not just *any* certificate validating my ownership of the
>key in question, but the certificate indicating I satisfy the role that the
>relying party expects for a signatory to the given transaction. (In pure
>"Identity Cert" principle, any such cert should just identify "me" to a
>given degree of assurance, and then the relying party should use that fact
>to determine if, within their own domain, this "me" has the required role.)
>
>Again, I am not really advocating such usage, but I wonder if the restriction
>is simply one of cert retrieval complexity, or if such usage would really
>"break X.509". Has the structure so embedded these legal implications?
>
>___TONY___
>
>
>Tony Bartoletti
>SPI-NET GURU
>Computer Security Technology Center
>Lawrence Livermore National Lab
>PO Box 808, L - 303
>Livermore, CA 94551-9900
>email: azb@llnl.gov phone: 510-422-3881
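The protocol point Tony raises in the quoted message (the relying party must obtain the certificate indicating the role it expects for the transaction, not merely any certificate proving ownership of the key, and a compromise of that key reaches every certificate issued over it) is worked through below as an added example in Go. It is not code from this thread or from any PKIX implementation. It uses Go's standard crypto/x509 package with constructed names (Jane Doe, XYZ Corp, a "Residency CA"), throwaway self-signed CAs, and the Subject's Organization attribute standing in for "role"; those choices are the example's assumptions, not anything the thread specifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check aborts the scenario on any setup error (demonstration code, not a library).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// certify has parent/signer issue tmpl over pub; with parent == nil the result is self-signed.
// Nothing in X.509 prevents a second CA certifying the same pub under a different subject.
func certify(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// newCA makes a throwaway self-signed CA (constructed for the scenario, not a real authority).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return certify(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, key, &key.PublicKey), key
}

// spkiFingerprint names the key itself (SHA-256 over SubjectPublicKeyInfo), whichever certificate carries it.
func spkiFingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// selectForRole is the relying party's step: of the certificates presented for a key, return the first
// that asserts the required organization AND chains to a trusted root. Proof of key ownership alone fails.
func selectForRole(certs []*x509.Certificate, roots *x509.CertPool, requiredOrg string) *x509.Certificate {
	for _, c := range certs {
		asserts := false
		for _, o := range c.Subject.Organization {
			asserts = asserts || o == requiredOrg
		}
		if _, err := c.Verify(x509.VerifyOptions{Roots: roots}); asserts && err == nil {
			return c
		}
	}
	return nil
}

// sameKey returns every certificate bound to the compromised certificate's key, i.e. the full set a
// key-compromise revocation has to cover, regardless of which CA issued each one.
func sameKey(all []*x509.Certificate, compromised *x509.Certificate) []*x509.Certificate {
	var out []*x509.Certificate
	for _, c := range all {
		if spkiFingerprint(c) == spkiFingerprint(compromised) {
			out = append(out, c)
		}
	}
	return out
}

// buildScenario issues two independent certificates over one key pair using constructed names.
// presented[0] names Jane Doe's residence (serial 2002), presented[1] her employer (serial 1001).
func buildScenario() (presented []*x509.Certificate, roots *x509.CertPool) {
	subjectKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	orgCA, orgKey := newCA("XYZ Corp Employee CA")
	resCA, resKey := newCA("Residency CA")
	orgCert := certify(&x509.Certificate{SerialNumber: big.NewInt(1001), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject: pkix.Name{CommonName: "Jane Doe", Organization: []string{"XYZ Corp"}}}, orgCA, orgKey, &subjectKey.PublicKey)
	resCert := certify(&x509.Certificate{SerialNumber: big.NewInt(2002), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject: pkix.Name{CommonName: "Jane Doe", Locality: []string{"Livermore"}, Province: []string{"CA"}}},
		resCA, resKey, &subjectKey.PublicKey)
	roots = x509.NewCertPool()
	roots.AddCert(orgCA)
	roots.AddCert(resCA)
	return []*x509.Certificate{resCert, orgCert}, roots
}

func main() {
	presented, roots := buildScenario()
	fmt.Println("one key behind both certs:", spkiFingerprint(presented[0]) == spkiFingerprint(presented[1]))
	fmt.Println("RP needing the XYZ Corp role picks serial:", selectForRole(presented, roots, "XYZ Corp").SerialNumber)
	fmt.Println("RP needing an ABC Corp role gets nothing:", selectForRole(presented, roots, "ABC Corp") == nil)
	fmt.Println("certs to revoke if the key leaks:", len(sameKey(presented, presented[0])))
}
```

The relying-party logic deliberately checks two things separately: that the certificate asserts the attribute the transaction depends on, and that it chains to a root trusted to make that assertion; a valid certificate over the right key that says nothing about XYZ Corp is set aside, which is the "Auto Club card, not Diner's Club card" distinction. sameKey shows why the revocation point holds independently of that selection: the thing that leaked is the key, identified here by a hash of its SubjectPublicKeyInfo, so every certificate over it must be located and revoked whichever CA issued it and whichever one the relying party happened to retrieve first.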