Two birds with one shot. :)

Ali, Saqib wrote:

I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing an X.509 certificate that holds your
public key. This way they are vouching that you own the public.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted with your public key.

So having a separation-of-duty is not providing any additional security.

Can you please elaborate on what you are trying to achieve?

I never said that the CA had your private key, only that they could validate an open message came from whomever held the private key associated with a given public key.

I like going back to historical instances to illustrate issues because people can read about them from second sources and perhaps get clues about the issue they might not have otherwise.

In this case I'll refer to a commonly acknowledged observation that the biggest financial backer of the Communist Party, USA, in the 1950s was the FBI. Another instance of a similar sort is that in many cases during the anti-Vietnam war years, the people advocating violent actions turned out to be paid agents of the FBI and other government agencies.

And a third scenario to consider is the capture of German spies by the British and them using them to send both bogus and real intelligence back to their masters.

PKI and other similar structures are an attempt to maintain confidentiality between two parties that are not present in the same room while at the same time assure each other that they are indeed talking to who they think they are.

In the case of the FBI agents they were not talking to whom they thought they were. With the German spies, they were, but the spies had been suborned with threats of the noose if they did not comply.

Same problem, two different expressions. How do you trust who you are talking to is the person they represent themselves as? It is almost a side issue whether anyone else is privy to the contents of the conversation, important to prevent misuse and fraud by others, but not central to the first point: Identification.

In a private e-mail a suggestion was made that it might be possible for a CA to issue a second certificate alleging it to be yours but in fact it belonged to someone else. In this case which is the real you as represented by the conflicting certificates?


Then Ian G wrote:

[snip]

As a side note, outside the cryptography layer, there are legal, contractual, customary defences against the attacks that you outline.

Ah, yes, the rule of law. Well, I think we've seen enough with the Real Innocence Project validating that people are put to death with customary "legal" processes and that Guantanamo Bay exists to say that if the law is your only protection you need help in a big way if someone gets a burr up their butt about you.

My goal in this discussion is to examine how we can keep the underlying issues clear and utilize tools, like cryptography, to assist us in achieving well founded trust relationships.

Best,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List