LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fallout from the fraudulent SSL certificates

Fallout from the fraudulent SSL certificates

Posted Apr 3, 2011 0:25 UTC (Sun) by giraffedata (subscriber, #1954)
Parent article: Fallout from the fraudulent SSL certificates

Perspectives perverts the notary metaphor. The function of a notary (aka notary public) is to prevent a signer from repudiating his signature -- claiming later he didn't sign the document. I "acknowledge" my signature on a document to a notary who one way or another knows my identity, and if I later try to say I didn't sign it, testimony of the notary will prove I did.

What Perspective creates is known in legal circles as a "certificate." Yes, in the very same sense that the SSL certificate uses the term. It's a known and trusted agent backing up my own claim to have signed a document.

And that makes me wonder if it wouldn't be simpler just to have multiple independent CAs sign the certificate in the existing cryptographic way. Or, alternatively, to skip the whole cryptographic signing component and just have interactive servers with secure connections certify keys to begin with.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds