From: Brad Templeton (brad@templetons.com)
Date: Tue Oct 02 2001 - 14:03:03 CDT
On Tue, Oct 02, 2001 at 10:45:52AM +0000, Charles Lindsey wrote:
> In <8A2IRGkZcDB@3247.org> list-ietf-wg-apps-usefor@faerber.muc.de (Claus Färber) writes:
>
> No, you are confusing two issues. The purpose of the signature is to
> establish that the cancel/nocem/whatever indeed came from Alice, and not
> from Hipcrime. It has nothing to do with authority.
Hmm. That's quite at odds with a major school of thought on these things.
The key does identification, but the certificate is indeed the method of
authority. In their abstract, certificates simply certify attributes of
the holder of a key. Many people make one of those attributes be the
identity, and some systems (foolishly) make the identity the only attribute.
But the truth is you often don't care "who" the person is (or what that
even means) but rather you care what they are authorized to do.
In an authenticated newsgroup a keyholder does not have the "identity"
of bt@templetons.com. Rather, I have the authorization to post and cancel
messages with that string in the From line.
So a certificate does indeed delegate authority to do something like
cancel.
The problem with the "reason" as an attribute being authenticated is that
it is not being authenticated. Technically, the authority you delegate
with a certificate is the authority to cancel. There is no such thing
(in a technical sense) as the authority to cancel spam without the authority
to cancel copyright infringement. There is a difference in the policy
sense but not a technical one.
Now we could have a reason field, and software could look at it, but frankly,
I think it's a needless complexity. Getting the keys and certs to work
is going to be hard enough as it is.