
Re: Elaborate and clarify the technical NR service definition



At 03:41 PM 8/27/99 -0400, tgindin@us.ibm.com wrote:
>     In the interest of clarifying the discussion over what the NR bit is good
>for, I am preparing an Internet-Draft on the requirements of the technical NR
>service.  I have had some encouragement on this, although this is my personal
>responsibility and does not necessarily represent the views of my employer or of
>those who think such a draft would be helpful.  The scope of this draft will be
>limited to the technical requirements of NR and deliberately exclude
>considerations of what is necessary for the execution of a legal contract.  I
>hope that many of the participants in this discussion will be willing to help
>clarify or debate the requirements in this posting.
>     To give an idea of what the draft will and will not cover, here is my
>paragraph on scope, which is mainly a set of limitations:
>     The technical nonRepudiation service (hereinafter NR service) is expected
>to provide evidence that a given object was signed by the possessor of a given
>valid certificate.  It is not anticipated that the use of the NR service will
>ordinarily constitute execution of a contract, or acceptance of any other legal
>obligation.  It is anticipated that the use of this service in accepting legal
>obligations will be the subject of legislation or judicial decision in various
>jurisdictions, which are likely to lay additional technical burdens upon the
>provision of such a service to such an extent as to constitute another, larger
>service which need not be the same in all jurisdictions.  It is outside the
>scope of the definition of this service to provide evidence that the signer and
>the holder of the signing certificate are the same, that the signer has been
>adequately informed of the content which is signed, that the signer is not
>acting under duress, etc.
>
>          Tom Gindin

Tom,

The scope-paragraph contains four sentences, of which the middle two might
be better in a second paragraph.

But, this also brings sentences 1 and 4 into close proximity, where the
terms "signed by", "possessor", "signer" and "holder" become confused.

In particular, (1) says the service is expected to provide evidence that a
particular object:

    "was signed by the possessor of a given valid certificate"

but (4) says it is outside the scope of the service to provide evidence
that:

    "the signer and holder of the signing certificate are the same".

In other words, this description of a Technical NR Service might say
"independent of whether the 'signer' and 'holder' are the same, [it] will
provide evidence of 'signed by the possessor'".

Indeed, there are 3 possible parties at work as the "ostensible" subscriber.
These are (my terminology):

   SubscriberInFact:
        The person who presented themselves as "X" to the CA in order to
        receive a certificate "owned by X"

   SubscriberOfRecord:
        The person named as subscriber in the certificate.  That is, the
        "X" in "owned by X"

   ActiveSigner:
        The person who actually causes a signature to occur, in particular
        independent of whether or not they are the "owner".

Note that if person Y poses as person X, to get a "cert named X", and then
has the secret key stolen and used by a person Z, then all three of these
entities may be different people.

I'm not saying that my terminology is best, but we need to be clear on
these three possible roles, so we can state what is meant by your sentences
(1) and (4) taken together.

I believe the simplest form of a "Technical NR Service" would be to
provide (long term) evidence that an object was signed with a key that
was CA-certified as "owned by X" and valid at the time of signature.

And then stress that such evidence is not (in general) sufficient to
establish either that "X wielded the key" or that "X owned the key".
Indeed, X could have died in 1923.

___tony___

Tony Bartoletti                                             LL
IOWA Center                                              LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 089                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8081               LL LLLLLLLL
email: azb@llnl.gov                                   LLLLLLLL
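The "simplest form" of a Technical NR Service that Tony sketches, as an added worked example that is not part of the thread: a verifier that outputs evidence only about the key and the certificate (signed with a key CA-certified as "owned by X", valid at signing time), and the Y/X/Z scenario from his message showing that this evidence says nothing about who the ActiveSigner was. The toy textbook-RSA signature, the `Cert` fields, the role names and the assumption that `signing_time` has been established separately (for instance by a trusted timestamp) are all constructed for this example.

```python
# Added example (not from the thread): a minimal "technical NR" verifier in the
# sense Tony describes. A deliberately tiny textbook-RSA signature stands in for
# a real signature scheme so the block runs with the standard library only.
# Certificate, key sizes, timestamps and role names are constructed.
import hashlib
from dataclasses import dataclass

# --- toy RSA (insecure, illustration only) ---------------------------------
P, Q, E = 1000003, 1000033, 65537          # constructed small primes, public exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (needs Python 3.8+)

def _digest(obj: bytes) -> int:
    return int.from_bytes(hashlib.sha256(obj).digest(), "big") % N

def sign(obj: bytes, d: int) -> int:
    # Whoever wields d (the ActiveSigner) can produce this, owner or thief.
    return pow(_digest(obj), d, N)

def verify(obj: bytes, sig: int, e: int) -> bool:
    return pow(sig, e, N) == _digest(obj)

@dataclass(frozen=True)
class Cert:
    subscriber_of_record: str   # the "X" in "owned by X"; says nothing about Y or Z
    public_exponent: int
    not_before: int             # validity window as integer timestamps (constructed)
    not_after: int

def nr_evidence(obj: bytes, sig: int, cert: Cert, signing_time: int):
    """Return the only claim the technical NR service supports, or None.

    The claim concerns the key and the certificate, never the person: it does
    not say who the ActiveSigner was, nor that SubscriberInFact equals
    SubscriberOfRecord. Validity is judged at signing_time (assumed to have
    been established separately, e.g. by a timestamp), not at verification
    time, so the evidence survives later certificate expiry ("long term").
    """
    if not verify(obj, sig, cert.public_exponent):
        return None
    if not (cert.not_before <= signing_time <= cert.not_after):
        return None
    return {"signed_with_key_certified_as_owned_by": cert.subscriber_of_record,
            "key_valid_at_signing_time": True}

# Scenario from the message: Y obtains a cert named "X"; Z steals the key and signs.
CERT_X = Cert("X", E, not_before=100, not_after=200)
CONTRACT = b"constructed sample object"
SIG_BY_Z = sign(CONTRACT, D)                      # Z is the ActiveSigner
EVIDENCE = nr_evidence(CONTRACT, SIG_BY_Z, CERT_X, signing_time=150)
# EVIDENCE names only "X": nothing here distinguishes X, Y or Z as the signer.
```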