From: jueneman%wotan(_at_)gte(_dot_)com
Subject: What digital signatures "mean"
Although I would hope that the certification policy established
by the Policy Certification Authority would address this issue,
in fact the draft RSA Commercial Hierarchy I have reviewed
as part of our deciding to purchase a Certificate Issuing System
does not say anything about limitations of liability. I am also
not aware of any other PCA having published their policy.
Since when does a PCA assume liability for behavior of certificate holders?
The limit of the PCA pertains to standards of IDENTITY and procedure only.
I cannot imagine a PCA being concerned with any other than:
1) ensuring that publicized standards of identity are met
by each subordinate CA.
2) adequate proof that those standards were met for each subject
certificate issued and revoked. (i.e. an audit trail)
3) adequate assurance that the PCA's keying material is protected.
4) that the certificate and CRL issuing policies are met and auditable.
I would suggest that you consider what is currently being done in the legal
community regarding "conventional" signatures. Certainly there are occasional
questions of whether a document is "signed" and whether a single signature
is appropriate. The amount of case law and statute is immense and extends back
to antiquity. For instance, in the case of the "will" you cite,
a paper will with signatures of witnesses will certainly be favored over
a digitally signed document containing only the signature of the "deceased".
You can analyze this further by asking "How is it currently done?" and
"Is there an analogous approach?". For the vast majority of transactions
involving digital signatures, I don't see why strong analogies cannot be drawn
from current practice.
However, even simple attribution of a statement without any commercial
value carries some risk. If someone were to forge my name to some
particularly fatuous or ignorant statement, my reputation might be damaged,
and if I made my living selling newsletters or stock tips
(or even security advice) the damage might be huge, up to depriving
me of my livelihood.
Then you had better be particularly careful of your private component
and when you use it; substantially more careful than when you apply
a written signature. But again, what is current practice? Surely the
false attribution would be challenged by you and lawyers would be hired,
and eventually the assertion would be made that your material was
compromised and this could be investigated, etc.
Once we go beyond the point of addressing the risk of falsely implying
attribution and start talking about financial transactions, the subject at
least becomes more sharply focused. But what if someone forges my name
to an order to a stockbroker, instructing him to sell short 100,000 ounces
of silver, and then the Hunts corner the market on silver and I cannot cover
the order. Even if I had stated that my liability was limited to $1,000,000,
this might not be sufficient. (Maybe I should just let my stockbroker worry
about this, and throw myself on the mercy of the bankruptcy court.)
This argues for a more detailed protocol. Surely the simple issuance of a
signed document does not satisfy. Perhaps a third party needs to be present.
Perhaps you need some out-of-band confirmation, etc. Again, how are these
things currently done?
For this reason, I argue that it is absolutely essential that the PCA's
policy statement explicitly establish a default limit of financial liability
associated with each certificate issued under their CA. Further, I
would suggest that the limit be low enough as to be insurable against
by the PCA, the CA, and the individual.
I would argue that the PCA policy statement accept no liability except regarding
performance of the policy. The policy should then be as limited or expansive
as the PCA wishes. As stated earlier, I cannot imagine the PCA accepting any
liability for subjects.
Regarding fatuous or libelous statements: you should note that you don't have
to sign them in order to be sued. On the other hand, signing them
(physically or digitally) makes repudiation harder but not impossible.
Again the cant, "How is it done currently?".
John