Kyle, I fully agree with your conclusions. IMO a signature's primary function is to provide a mark of authenticity to something. If the signature is associated with an unknown signer the value of the signature becomes rather limited.
The Qualified Certificate concept is based on the strange idea that because the CA is liable to very high amounts of money, you can "trust" such signatures and thus do advanced business with total strangers. What the designers of QC didn't think of is that anybody can get a QC without being checked to be a good payer, dependable vendor, etc. If there is discomfort in a business relation, the CA has no means to rectify things, making the value of the high liability very limited. IF people started to believe that QC actually works as described we would soon be in a very bad position since a single disgruntled employee could send "fully authorized" POs all-over-the-map.

PKIX took this to another extreme by publishing an informational standard for liability which is one of the most ridiculous things I have ever seen http://www.ietf.org/rfc/rfc4059.txt since it doesn't deal with accumulation!!! The motive behind this RFC was "to increase the acceptance of certificates" :-)

Anders

----- Original Message -----
From: "Kyle Hamilton" <aerow...@gmail.com>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Thursday, December 18, 2008 12:09
Subject: Re: Publishing CA information documents in PDF format

Eddy's gone ahead and sent a signed PDF, according to a later message in-thread. I expect that it'll work without a hitch, though I would like to hear of any anomalous behavior. :)

But, I'm struck again by a couple of questions.

Why does everything have to have an explicit 'threat model' before cryptography can be applied? In my view, cryptography is useful for MUCH more than just "protecting against potential attack". (It's not like we're trying to protect secrets with national security implications. It's not like we're trying to protect a financial instrument. It's not even like we're trying to keep an affair secret.)

As I've said before, I view cryptography as a means of associating a policy with data.

The policy in this case would be: this is a document version that someone working on behalf of Mozilla (currently -- and with the tenacity and thoroughness she's exhibited, hopefully for a LONG time -- Kathleen) prepared, it hasn't been corrupted, and it's got a timestamp so that later revisions can be identified as such. Cryptography can give me a very good idea that these three concepts can be relied upon.

It doesn't have to be a "legal document". It doesn't need a contract-grade (i.e., Qualified Certificate in PKIX and EU parlance) signature on it. All that I need to know is that what I'm reading is the actual working document with a means of determining if there's a newer one, and a digisig countersigned by a timestamp authority is a perfect means of accomplishing this.

Why does it have to be any more complex than this? Why does there have to be any more "meaning" assigned to the act of digitally signing something?

(Why do we always treat the concept of digital signatures as though we're signing away our firstborn? What are we so afraid of? That fear-among-the-experts is part of what makes cryptography so inaccessible to the common user, and reduces confidence in the system -- which leads to a lack of use, which leads to a dearth of innovation in application.)

-Kyle H

On Wed, Dec 17, 2008 at 11:14 AM, Frank Hecker <hec...@mozillafoundation.org> wrote:
> Kyle Hamilton wrote:
>>
>> Actually, the 'threat model' is more related to versioning (via
>> timestamp) than anything, and to ensure that no malware on my system
>> (I try to keep it malware-free, obviously, but I also know that just
>> because I don't think I've been hacked doesn't mean I haven't been)
>> modifies a local copy I make.
>
> Ah, OK. Well, if signing PDF documents doesn't interfere with viewing them
> on non-Adobe software then I'm willing to have us consider doing it. Could
> you or someone else send me a sample signed PDF document via email? Since
> I'm running a Mac with VMware Fusion I can check it out on a variety of
> platforms with different PDF readers.
>
> Frank
>
> --
> Frank Hecker
> hec...@mozillafoundation.org
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto