Piers,
> My concern about what you are suggesting is that liability (or
> any authorisation concerns) are not within scope of PEM.
At this point in time I am wearing my user's hat, rather than my
implementor's hat. As I explained in the message, we are trying to
get cranked up to actually USE this technology, and that requires
a lot of "socialization" to get users to buy into the concept.
Part of that effort is to convince people who are not computer
security specialists that the technology is here, that it is potentially
very useful, and that the various dangers that may be involved are
limited and outweighed by the potential benefits.
I don't know what the full "scope" of PEM is, and I would be happy to
take this conversation to another venue if there were one where
we could also get authoritative answers to technical questions, but
I don't know of such a suitable list other than pem-dev. I do believe
that if I can send a document written to anyone in any natural language
such as English, and sign it using my digital signature, then it falls
within the scope of PEM. And that includes a VERY broad class of
documents.
> I don't see why any opportunistic lawyer can't just be told that
> there is a difference between authentication and authorisation, and
> that any claims based on a confusion of the two are void given the
> clear disclaimer in RFC 1421 that authorisation facilities are NOT
> part of the delivered facilities of the PEM technology. Why do you
> need a statement from [P]CA or a certificate to re-state what is
> in the source document?
I don't claim to be a lawyer, but... First of all, the primary purpose
of a corporate lawyer is to keep people out of trouble. If they
wait until the company gets sued, they have already failed. So the
problem isn't that of an opportunistic lawyer who is trying to make a
name for himself, it is one of a conservative culture that wants to
make sure that there aren't any alligators in the pool before he
closes his eyes and jumps in. (Maybe the problem is that in the UK
you don't have enough lawyers or solicitors. Since we seem to have
a balance of payments problem, would you like me to ship you some? :-)
On the other hand, if I were one of those nasty opportunistic lawyers
that you mentioned, I would ask several nasty questions at the trial:
1. Did the plaintiff and the defendant personally read the RFCs,
understand them, and agree to be bound by them? For that
matter, did you read the specifications and standards for the
automobile you bought or the airplane that you flew in to get here?
2. Has not the technical community talked repeatedly, over the last
10 years or so, about the wonderful "non-repudiation" benefits
that will be provided by what is routinely referred to as a digital
signature? Having talked about such virtues, doesn't an implied
warranty of merchantability and fitness for purpose apply?
3. If you knew about the possibility of theft or compromise of your
key, why did you not take better precautions to protect them?
Were you aware of the existence of smart cards and secure operating
systems? Assuming that you were aware of them and consciously
decided not to use them, doesn't that constitute gross negligence
on your part and/or the part of the company you work for? You
claim that you couldn't afford to make use of such tools -- why
then didn't you continue to use a ball point pen -- they're cheaper yet?
4. You claim that your digital signature does not authorize you to
perform any particular action. But as the innocent holder in due
course of a document apparently signed by you, I had every right
to the presumption that you WERE so authorized, for otherwise you
wouldn't or shouldn't have signed it. (Look up the case law on
the rules of agency -- this is a standard defense, unless the
defendant is a clerk who apparently ordered a Boeing 767.)
5. Did you make any good faith effort to notify all of your
correspondents of the theft of your key, by making use of the
CRL mechanism published in the RFCs you alluded to?
You say that you didn't issue a CRL because you didn't
even know the key was stolen? Then in fact you are asking
this jury to believe your statement that the key must have
been stolen because you have the only copy and no one
who didn't have a copy could have signed the document
with your digital signature? And you hope that the jury will
believe your statement, when you have only your assumption
that this must have happened and we have a document which was
signed using your private key (admittedly) using a technology
which was purported to provide a high level of authentication
assurance?
I'm not saying that I could make all of those points stick, or that if
I were on the other side of the table I couldn't try to rebut several
of them. But I think you will admit that they would serve to raise
a number of doubts in the jury's mind, and in a civil proceeding
(in the U.S., at least) all you need to do is demonstrate the preponderance
of the evidence (51%). It doesn't need to be conclusive or air tight.
I agree in general with the rest of your comments about the virtues
of positive access control and authorization schemes, but I am trying
to limit the scope of this particular project to something that is tangible
and achievable in the near term.
Bob