Steve,
In light of Tom Jones' observation about culpability of
employees and officers for various wrongdoings they and company
engaged in together it becomes clearer why in many cases it will
be good advice to obtain a certificate not for each person nor
for each role but for each ordered pair [person,role].
Here is another. What is the lifespan over which a
signature may be authenticated or a document decrypted? What a
way to issue a stop payment! I take it that the necessity of
finding the certificate where it belongs until the last time
a given document must be subjected to either process more or
less implies that the certificate must identify [person,role].
This applies even after the person has quit, been promoted, or
been fired since the CURRENT mapping of persons to roles should
have no effect on the decryptability of documents written before
that status change. How is anyone going to authenticate an old
document when enforcing a contract on the ex officers of a defunct
company? Can ANYONE ever destroy a certificate? Is this not
tantamount to destroying evidence?
Theorem 1: That a certificate, once created, may not be
destroyed unless it can be proven that no document signed
by that certificate will ever need to be authenticated again.
Theorem 2: That a signature does not prove anything about
the [person,role] doing the signing unless it uses a certificate
issued specific to that [person,role], the time and date of the
signature can be established and authenticated, and that the
[person,role] certificate must itself be signed by both the person
and the role controller in such a way that either may invalidate
the certificate for further NEW signatures after a designated time.
Attempts to prove/disprove th.1 would tell us a great deal
about whether PEM will be very useful in the real world. It would
seem that if provable it implies that the set of certificates will
grow without bounds, particularly if this is not generally realized.
It also leads to interesting questions about culpability of any
entity that destroys or fails to renew a certificate for fraud or
breach of contract.
Th.2 seems central to Tom's (and the Washington Post's)
concerns about proof of date and authorship that would hold up in
a criminal court. Such a certificate embodies an agreement between
two parties to associate themselves in a given relationship at a
given node. The agreement must be authenticable as must be the
TIME PERIOD over which the agreement is valid... yet it seems that
the certificate must outlive the agreement if anything at all were
to be provable later. Unless all this is well defined it seems
unlikely that anyone would be able to prove much.
- Greg Bailey (hope these topics are germane!)