Raj,
Thanks for the clarification about delegations, although if
such association semantics are application specific rather than specified
in a standard, the lawyers may have a good time exploring their meanings.
I still don't understand how PEM addresses the temporal issues
in certificate validity. We seem to agree that the public parts of
certificates must have eternal life or we will be signing things with
disappearing ink. Fine, although RFC1422 doesn't seem to say what happens to
the certificate after CRL listing is no longer needed (or valid time
expires).
However, if I am looking at a contract in my hand that claims
to have been signed five years ago by the late Humin Bean saying that
he granted a hundred k for a scholarship to the third child of anyone
with my looks, WHO vouches for the date and time of its MIC encryption?
Maybe in the mausoleum of hallowed certificates we can still find that
Humin's certificate was valid surrounding the date in the message,
but the records also indicate that the certificate was CRL'd only a
week after the date of the contract because the DEK had been stolen.
Was it signed with the real DEK, on the indicated date, or was the
date forged with the stolen DEK a week later?
The discussion in section 2 of RFC1422 seems convincing
in this light so long as sender and receiver trust one another, and
are primarily interested in proving that the message arrived intact
as sent in real time or near enough to it (one hopes).
However, unless a document is run through and signed by an
uncompromisable entity for authentic timestamping that encapsulates
the MIC signature, I fail to see how after the fact it can be shown
that an archived document was signed during the period when the DEK
was in the sole possession of its rightful owner.
One can imagine ways of employing these mechanisms such that
the long term authentication is possible, but without standard
semantics for such uses, so that all can agree with what it means,
how useful or enforceable are they likely to be? In other words if
we have created the need for notary servers that unequivocally
vouch for the time of a signature, is it safe to turn all of this
loose without defining what a notary seal looks like? And if we
haven't created such a need, how does the court decide whether Humin's
estate belongs to my kid? Cheers - Greg Bailey