Last week there was a letter circulating from a Robert Bork, and
a question arose as to whether this was from THE Robert Bork
(the person who was nominated for the Supreme court, but
who failed to win confirmation by the Senate).
Steve Crocker had some interesting observations:
"Allegedly written by Robert Bork?" Yes, if the message had been
signed with PEM, RIPEM or PGP, we'd have greater assurance that it was
written by him and not someone else.
"Presumably the same person who once nominated to the U.S. Supreme
Court?" This is entirely different question. What evidence would or
should provide that assurance? His mail address says
borkr(_at_)frb(_dot_)gov(_dot_)
A little digging reveals this is the Federal Reserve Board, a part of
the U.S. central bank hierarchy. The Bork who was well known as a
U.S. Supreme Court nominee is a law professor at a well known
university. (Yale, I believe). It is not at all clear to me that
this is necessarily the same Robert Bork -- I have no idea what
nominee's Bork's middle initial is -- nor does it make any obvious
sense that he'd have a relationship with the U.S. Federal Reserve
Board.
The question I pose to you all, and most particularly those who feel
it's essential to have a name hierarchy that provides more descriptive
i>nformation about a signator, is how do we expect PEM certificates to
help us identify someone in circumstances like this? Surely this is a
case in which the importance of the message depends in part on who
said it, and the identification of "who" is grounded in acts and
events outside the Internet. Do we expect his distinguished name (DN)
to tell us he's a Yale law professor? A resident of New Haven? A
consultant to the U.S. Federal Reserve Board? The prior nominee to
the U.S. Supreme Court?
I think there are a number of good points to be made here. First,
if the message had been signed and the certificate contained
the nominal civil naming structure (perhaps with the e-mail name in addition),
no "digging" would have been necessary. The certificate would have said
in plain English, C=US, O=US Government, OU=Federal Reserve Board
(as opposed to the Federal Railroad Board, the Financial Review Board, or
the Future Retired Bureaucrats, etc.) And it wouldn't have made any
difference if he happened to have signed the message and sent it using
his CompuServe mailbox instead of his FRB mailbox.
Since DNs are unambiguous but not unique, if Robert _H._ Bork were a
consultant to the Federal Reserve Board AND a law professor, either
certificate could have been used. If we had access to an X.500
directory, the DN in the certificate could be used to look up those other
attributes, whether or not there are certificates issued for them. Without
a directory, we would have to put a seeAlso and another DN in the
certificate to get the same effect. This would be rather cumbersome
even if X.509 allow non-distinguished attributes, and it would be almost
ludicrous to include such an attribute within a DN.
There is no questions that a simple name will be less than completely
satisfactory for identification purposes in many cases. I once bought
a house from someone who had bought it from someone named
John Jones. In order to show a clear title, Mr. Jones had to include
all sorts of affidavits that he was not the person with the same or
similar name who had various judgments recorded against him.
But because some people are giveing serious thought to the possibility
of replacing X.500 as the directory mechanism of choice for PEM and
similar undertakings, I'd like to point out some things that X.500
could accomodate that the DNS, for example, would have more trouble
with (at least without substantial modfication.)
Suppose that one of the attributes in the X.500 directory was a digitally
signed MPEG video of the user, complete with synchronized sound, saying
"My name is Robert H. Bork. I am a Professor of Law at Yale University, a
former judge with the N-th Circuit Court of Appeals, and was once nominated
to be on the Supreme Court. The certificate to be used to validate
my digital signature was issued by the XYZ-CA, serial 12345, and expires
on 12/31/94."
Now we have a much better understanding of this person. We have sight
and sound, so we can recognize his image and even confirm his voice print,
and since he read off the issuer and serial number (easier to read than
the last 32 digitsl of his public key), we have tied his certificate to this
image. If necessary for certain specialized applications, we could also
include his digitally signed fingerprints or even a digitally signed DNA
record.
Obviously PEM, RIPEM, or PGP could also be used to sign such information
and improve the quality of the identification thereby. In fact, such an
affirmation would remove at least some of the uncertaintly that is attached
to a self-signed certificate, since otherwise anyone could claim to be
anyone they wanted to be.
However, the advantage of having a CA sign the certificate is that the
CA is attesting to the truthfulness of the identity claims being made, at
least as far as they know. (My name might not really be Bob Jueneman, but
if GTE Labs signs my certificate containing that name, they are attesting
to the fact that at least that is what they they know me as.) Otherwise,
I could read the same statement and claim to be Robert Bork, and if
the the person who received a message and wanted to validate it didn't
know what Robert Bork looked like, I might get away with it.
Lots of other repositories could conceivably used to store such information,
and mechanisms such as gopher could be used to retrieve it. But I
suspect that by the time you get through worrying about all of the problems
of how to distribute this information across multiple sites, solved
the synchronization problem, etc., you will have reinvented X.500 or
something close to it.
Bob