CyberPhone Trust Propagation Was: A $25,000,000,000 PKI
Steve,

Sorry for changing subject all the time but there are so many issues
to discuss.  This is an explanation on a major issue regarding private keys and
trust.  Don't be fooled by the language or terminology that may suck a bit
since neither English nor this part of PKI is a speciality of mine.  I am sort of
a hands-on guy rather than a philosopher.

Basically I feel that you and many others believe that CyberPhone, with its
intermediary key-server, propagates trust from the client to the end-RP.

This is definitely possible and true if CyberPhone is used in the same context as
Kerberos.  I.e. for authentication and authorization WITHIN an organization
(putting on my marketing hat I would say CyberPhone does this much better
than Kerberos as the former is 100% based on PKI).

Now to the scenarios presented on my web site (Shared Certificates
and Dynamic Certificates) that represent two much more complicated situations
that an open environment introduces.

If those scenarios introduce trust propagation it would mean that the intermediary
private key server performed something on behalf of the client.  But, IT IS THE
OTHER WAY AROUND!  It is the intermediary server that grants a client the right
to perform a purchase on the server's behalf.  Yes, when you purchase for a company
it is the company that buys.  That the purchase was initiated by the client does
not change this a single bit.  A company assumes that you do your work - not that it has
to scream and shout to make you perform!  And you have in this role obligations
only to your company (=server).

That is why CyberPhone does not break any (of the mostly unwritten) rules regarding
key use and trust.

It does though assume that a server and private keys stored on it can be responsible
in the same way as a natural person.  As I wrote in another posting this is what is
happening all the time (except for signatures that are not yet implemented) in automated
invoicing systems so there is "Nothing new under the Sun".

Regards
Anders

http://www.mobilephones-tng.com


<snip>

>>So what is so fundamentally flawed in the CyberPhone concept with respect
>>to digital
>>signature laws?
>
>I won't comment on the question of the legality of CyberPhone, vis-a-vis,
>the current hodge podge of digital signature laws.  However, I was not
>aware of SET wallet servers, e.g., in the corporate context you describe.
>An employee using a cert issued for company purchasing, etc. may or may not
>be the real "owner" of the private key.  If the cert identifies the subject
>as a role, and the user is the role occupant, then the company is
>intentionally maintaining accountability on a purely internal basis.
>Technically, this can be done reasonably well by issuing the cert via a
>smart card or PC card, so that the user has no (easy) access or knowledge
>of the private key.  However, if the subject of the cert is an
>organizational person (not role), then I think of the issue of ownership
>differently.  The company needs to revoke the cert when the employee leaves
>or changes roles and no longer has the same purchasing authorization.  (Of
>course, this points out why an attribute cert might be better in this case
>...)
>
>steve
>