Ed, >Keith Moore wrote: > >> > A PKI modeled on the DNS would parallel >> > the existing hierarchy and merely codify the relationships expressed >> > by it in the form of public key certs. >> >> so what you're saying is that the cert would mean something like: > >;-) actually, to a lawyer, a PKI cert says something like: > > "By issuing this certificate We state in accordance with the >rules which We > make and vary as We think fit for that purpose from time to time without > accepting any obligation to any other person (including any Internet > standardization entity) for the effect or consequences of Our choice of > those rules or of Our variation of them, hereafter called "CPS," that: Good start. > 1. The text string herein designated 'name' contains the string >received by Us > from a person, entity or machine, hereafter called entity, >claiming it as that > entity's name. Note that we are talking about certs with DNS names, not general DNs, and the DNS name is precisely what any DNS admin already asserts is accurately represented in the DNS sever he/she manages. > 2. We may have taken some measures at some time to receive >evidence (which > We may not have preserved and may not be able to produce) of a > connection between the name and the entity from whom it was apparently > received. Again, because of the name space in question, and the intrinsic limitations on what names can be asserted as one goes deeper in the hierarchy, the issue you cite here is not that big a deal. > 3. We have reproduced the string as We believe that We received it, which > We have denoted and formatted as to Our exclusive understanding of it, > of its context and of its validity, as regulated by Our CPS. Formatting is well defined and limited in DNS names, e.g., they are restricted to a restrictive, caseless character set (prior to internationalization). > 4. We may have tested the bit string herein designated 'key' to >test whether, > at the date appearing in this certificate, it appears to correspond to a > counterpart apparently available to the entity from whom We apparently > received the name. Whether POP was employed or not should be part of the CPS, as you know, so this point is inappropriately vague. > > 5. We are whom We claim to be. This claim can be verified by >checking Our > signature on this certificate We supply with a key which We >claim to be Our > public key. We do not offer you any grounds for believing that >the public > key in question is Our public key or that it has not been revoked before > or after the date of signature of this certificate. The only evidence We > provide of the correctness of the date of signature stated in >this certificate is > that it is dated before the date on which you are reading this >certificate. Except at the root, the CA is who the next higher tier has verified it to be, which is precisely what the DNS asserts today, but without any security mechanisms for assurance. > 6. We may revoke this certificate at any time without telling >you or anyone > else. The fact that you have downloaded this certificate from Our server > does not mean that it has not previously been revoked. The fact that no > revocation for it can be found in Our server does not mean that this > certificate is valid either. > 7. You may rely on this certificate only at your own risk, and >by so doing > you confirm your acceptance of the conditions subject to which >it is issued > as stated in the CPS for the time being in force, which is not to be > construed as any obligation regarding the time this certificate >was signed by Us or > used by you. These conditions include terms prohibiting you >from claiming > to be inadequately qualified or trained to understand or apply >the conditions, > or to have relied upon Us as an expert, or that you were forced >to rely on > Us through lack of information with which to verify Our >statements, or that > you were forced to rely on Us through lack of choice by any >reason such as > the named entity's lack of alternatives for certificates, the >browser's lack > of alternatives for embedded root keys, etc. And how would this be worse than relying on unsecured DNS responses? > 8. What public-key cryptography has joined, may time and >machines not part, > but of such binding We provide no assurance. > > In Honor of Our Root-Certificate, which attests to Our faith in the > Root-Key, until We decide to revoke them but maybe not both." > Again, if one established a PKI that paralleled the DNS, item 8 would apply to only one point in the system, and that could be managed in a parallel, distributed signature fashion. I think your sample CPS, while more than a little tongue in cheek, is a good example of what a CA may assert. But, in the DNS context, many of the issues you note are much less serious concerns than in a general CA context, because of the existing limitations on the names, the existing semantics associated with names by the DNS, ... Steve