Re: authenticated email

Einar writes:

> Wow!  What a mighty leap of faith!

That's why they call it trust.

> Stephen's CERT proves that the sender is a person
> who got a CERT from some CERT provider and has a
> contract with that provider, but has no contract
> with Anthony ...

No.  In cryptographic authentication, signing a message with a private key
proves only that the signing entity had access to the private key--nothing
more.  Everything else is human interpretation.

If the human side is handled correctly, crypto authentication can be very
useful and secure indeed.  But if you cannot trust the human management, the
high technical security of the authentication method itself is of little
use.

> ... so that when Steven does something bad to Anthony,
> like send him some spam, and Anthony complains to the
> CERT provider, the CERT provider is going to say
> "You don't have any contract with us, so we do not
> owe you anything."

The provider of the certificate is not a police organization, and there is
no reason why I would complain to them.  A certification authority does not
certify anything except the authenticity of a certificate, that is, the CA
guarantees that the identification information contained in the certificate
is true and correct.  CAs do not guarantee anything else, nor are they
responsible for the actions of the entities they certify.  As long as a
subscriber is not attempting to forge certificates or identities within
certificates, the CA is not involved.

Expecting the CA to act as a police organization is like complaining to the
Federal Reserve Board when you pay money to a tradesman and you have a
dispute with him.

> In fact, Anthony might not even be findable because
> of his holding a CERT, because he was able to obtain
> the CERT with false information.

It's up to the CA to verify entities sufficiently that falsification of
certificates is difficult.  The CA's business depends on the trustworthiness
of its verification.  However, if the identity does indeed check out, the CA
has done its job and owes you nothing else.

> So, I have to ask why you trust those CERTS.

It depends on the CA.  Verisign seemed trustworthy until they handed a
brand-new Microsoft certificate to a complete stranger in an almost
unbelievably stupid breach of security, so I have my doubts about them now.
You have to trust a CA to a certain extent in order for it to be useful,
just as you have to trust a bank to a certain extent before you are willing
to put money on deposit with them.

> I don't trust em just because they come with a contract
> that denies all kinds of liabilities in the reliance
> on or use of those CERTS.

That's your decision, not mine.  Perhaps if the above explanation helps you
to understand the true purpose of certifying authorities, you'll adjust your
conclusions.

> The problem is that I do not trust the transitivity
> of trust as required by PKI.  This is because I have
> never seen proof of trust transitivity.

There isn't any proof beyond the basic technical level of keys and
signatures.  The rest is a human issue.

> Show me the proof of it and I will believe it, if
> your proof stands up!

Whether you believe it or not is irrelevant to me.  I'm just explaining how
it is done.
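The point made above, that a valid signature proves only that the signer held the private key and that a CA vouches only for a name-to-key binding, as an added example that is not part of this thread: textbook RSA on small primes stands in for a real signature scheme, and the names, the `sender_of` helper and the sample message are constructed for illustration.

```python
import hashlib
from typing import NamedTuple, Optional

E = 65537  # public exponent


def next_prime(start: int) -> int:
    """Smallest prime >= start, by trial division (fine for ~1e6)."""
    n = start
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


class KeyPair(NamedTuple):
    n: int
    e: int
    d: int  # private: whoever holds this can produce valid signatures


def make_keypair(p: int, q: int) -> KeyPair:
    return KeyPair(p * q, E, pow(E, -1, (p - 1) * (q - 1)))


def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key: KeyPair, data: bytes) -> int:
    return pow(digest(data, key.n), key.d, key.n)


def verify(n: int, e: int, data: bytes, sig: int) -> bool:
    """True iff the signer held d for (n, e). Says nothing about who that was."""
    return pow(sig, e, n) == digest(data, n)


def cert_body(name: str, n: int, e: int) -> bytes:
    return f"{name}|{n}|{e}".encode()


def issue_cert(ca: KeyPair, name: str, n: int, e: int) -> dict:
    """The CA signs exactly one claim: 'name holds public key (n, e)'."""
    return {"name": name, "n": n, "e": e, "sig": sign(ca, cert_body(name, n, e))}


def sender_of(ca_n: int, ca_e: int, cert: dict, msg: bytes, sig: int) -> Optional[str]:
    """Name the chain supports as sender, or None. Choosing to trust (ca_n, ca_e)
    at all is the human decision the cryptography cannot make for you."""
    if not verify(ca_n, ca_e, cert_body(cert["name"], cert["n"], cert["e"]), cert["sig"]):
        return None  # this CA never vouched for that name/key binding
    if not verify(cert["n"], cert["e"], msg, sig):
        return None  # message not signed with the key the CA bound to the name
    return cert["name"]  # i.e. "the holder of this key, whom the CA calls <name>"
```

Running `sender_of` with a certificate issued by a CA the recipient does not trust, or over a message that was altered after signing, yields `None`; a successful result still only says "whoever held that key", exactly as the message above describes.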
