Re: Options, was Re: To Be, or NR To Be ...

[Ivan Milman <milman@xxxxxxxxxx>]

EG = Ed Gerck
AWA = Al Arsenault



EG> First, of course, a necessary and sufficient condition for a certificate to be
EG> verifiable is for it to be digitally signed.  So, I guess this much is OK and
EG> equivalent: "certificate is signed" <--> "certificate is verifiable".  A certificate
EG> is verifiable if and only if it is signed -- the "if" is a sufficient condition and
EG> the "only if" a necessary condition.

AWA>The fact that is certificate is signed does NOT make it verifiable.

EG> Yes it does, as verifiable as the signature allows it.  If a certificate
EG> IS signed THEN I affirm that this is equivalent to saying that the
EG> certificate is verifiable -- where, of course, "is verifiable" means that
EG> it CAN be verified.  And, of course, the fact that it CAN be verified
EG> does not mean that it MUST be verified.  Of course, it also depends
EG> if the available public-keys match the signature (maybe not, and maybe
EG> you need more keys), if the public-key that matches has not been
EG> revoked, etc.  But, nonetheless the certificate is verifiable and the
EG> result is either YES or NO -- if the certificate is signed.

Believe it or not, gents, I think you are in agreement here.  If we were to
say that a signature on a certificate is necessary but not sufficient for verification,
then I think everybody would be happy.  Ed seems to think so, by stating:

EG> Of course, it also depends
EG> if the available public-keys match the signature (maybe not, and maybe
EG> you need more keys), if the public-key that matches has not been
EG> revoked, etc.

and I'm pretty certain Al had similar statements in his original posting on this thread.

Thanks,
Ivan

Ivan M. Milman	Technical Director	DASCOM
email:  milman@dascom.com		phone: 1-512-458-4037, ext. 5014