On Sun, 14 Dec 2003 11:33:23 PST, Paul Hoffman / IMC said:
At 2:14 PM -0500 12/14/03, Keith Moore wrote:
I trust my boss to make statements about my job.
All of those statements, assertions, and so on can be made in simple signed messages. When you get a message with statements about your job, you verify that the message has been signed using your boss' public key. What's the problem here?
Please explain how you enforce that the signed part of the message *only*
contains statements about his job, and does not make any claims that he doesn't
trust his boss to make, but does trust his landlord to make?
As the person trusting something, I don't have to "enforce" anything: I look at it and make a trust judgement.
If you are assuming that this trust has to be made automatic, then you first need to scope the kind of statements that can be made. You then describe that scope in the boss' certificate.
Note that this isn't a hypothetical. This message is signed, and it quotes you
quoting Keith. Or at least it claims to. Now what does the signature tell you
about the words that Keith is attributed with? Absolutely nothing - you get to
rely on your judgment of how careful I am with attributing quotes.
Exactly right. I don't trust you to quote Keith or me. So?
At our site, we have multiple people who are authorized to sign purchase orders.
Explain a "simple signed message" format that explains to the vendor that the
digitally signed PO from Mary Smith for desktop computers is OK, because Mary
is authorized to buy those for us, and the PO from Richard James for concrete
for construction project #11934 is OK - but Richard isn't allowed to buy desktop
computers or concrete for other projects.
All of that is describable, and many vendors have such products. There are no standards (or none that are significantly followed) for such assertions. So? Many different PKIs can handle such assertions, once you codify them.
--Paul Hoffman, Director
--Internet Mail Consortium
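
The distinction argued in this message, as an added example that is not part of the original thread: a valid signature only identifies the signer, and the purchase-order case from the message is accepted only when the signed statement also falls inside a scope codified for that signer. The registry layout, field names and keys are hypothetical, and HMAC-SHA256 stands in for a public-key signature so the code runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed registry: each signer's key and codified scope of authority.
# Assumption: HMAC keys stand in for the public keys a real PKI would use.
SIGNERS = {
    "mary.smith": {
        "key": b"constructed-key-mary",
        "scope": [{"item": "desktop computers", "project": None}],  # any project
    },
    "richard.james": {
        "key": b"constructed-key-richard",
        "scope": [{"item": "concrete", "project": "11934"}],  # this project only
    },
}

def canonical(po):
    """Serialize the PO deterministically so signer and verifier hash the same bytes."""
    return json.dumps(po, sort_keys=True, separators=(",", ":")).encode()

def sign(signer, po):
    """Produce the stand-in signature for a PO (hypothetical helper)."""
    return hmac.new(SIGNERS[signer]["key"], canonical(po), hashlib.sha256).hexdigest()

def check_po(signer, po, signature):
    """Step 1: is the signature the signer's? Step 2: is the statement in scope?"""
    entry = SIGNERS.get(signer)
    if entry is None:
        return "reject: unknown signer"
    expected = hmac.new(entry["key"], canonical(po), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return "reject: bad signature"
    for rule in entry["scope"]:
        # A rule with project None authorizes the item for any project.
        if rule["item"] == po["item"] and rule["project"] in (None, po.get("project")):
            return "accept"
    return "reject: valid signature, outside signer's scope"

if __name__ == "__main__":
    # Constructed purchase orders mirroring the cases in the message.
    cases = [
        ("mary.smith", {"item": "desktop computers", "qty": 10}),
        ("richard.james", {"item": "concrete", "project": "11934", "qty": 40}),
        ("richard.james", {"item": "desktop computers", "qty": 2}),
        ("richard.james", {"item": "concrete", "project": "20001", "qty": 40}),
    ]
    for signer, po in cases:
        print(signer, po, "->", check_po(signer, po, sign(signer, po)))
```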