To: Keith Moore <moore@cs.utk.edu>
CC: Greg Hudson <ghudson@MIT.EDU>, keydist@cafax.se
From: Steve Hanna <steve.hanna@sun.com>
Date: Thu, 17 Jan 2002 12:04:33 -0500
Sender: owner-keydist@cafax.se
Subject: Re: Trusting keys (was Re: looking for draft volunteers)
Keith Moore wrote:
> It would be completely, absolutely irresponsible for IETF to
> recommend that everyone place trust in a VeriSign-signed root
> key - even for casual use.
Completely agreed.
> > > I think a single framework could accommodate the entire spectrum
> > > of trustworthiness vs. pre-verification. The real trick is to
> > > provide the user with enough information so that he doesn't place
> > > an inappropriate amount of trust in whatever keys he's getting.
> >
> > I think that this is a very hard problem, similar to the problem of
> > allowing multiple DNS roots without creating hopeless confusion.
>
> I agree that it's a difficult problem, but I don't think it's similar to
> the multiple root problem. Overnight I realized that you can't assign
> trust values that can be compared to different keys. What you can say
> are things like "this key is signed by a key that you trust for purpose
> X" and let users (or their superiors) supply the X for a given key.
> X might be "casual use" or "XYZ company business" or "XX government
> official business" or whatever.
This is a hard problem, but not impossible. In fact, the PKIX
working group has solved it with the certificate policy extension.
Including this extension in a certificate allows you to identify
what the subject key should be trusted for. The identifier is an
OID. It can be local to a particular organization (like "XYZ
company business") or it can be widely understood (like "suitable
for casual email"). There's even a way to map between different
organizations' OIDs ("U.S. Top Secret implies Canadian Restricted"),
although that's rarely used.
-Steve
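The mechanism Steve describes (a certificate policy OID on each certificate, a user-supplied mapping from a purpose such as "casual use" to the OIDs they accept, and policy mappings that let one organisation's OID stand in for another's) can be modelled in a few dozen lines. The following is an added example, not code from the thread or from any PKIX implementation: it is a deliberately simplified approximation of RFC 5280 policy processing, all OIDs except anyPolicy are made-up placeholders, and the chains are constructed inputs.

```python
"""Simplified certificate-policy check along a chain (constructed example).

Models the point made in the message: a key is acceptable for purpose X when
every certificate from a trusted root down to it asserts a certificate policy
OID that the user (or their organisation) has associated with X, and policy
mappings let one organisation's OID stand in for another's.  This is a
teaching approximation of RFC 5280 policy processing, not a full
implementation; every OID except ANY_POLICY is a placeholder invented here.
"""
from dataclasses import dataclass, field

ANY_POLICY = "2.5.29.32.0"  # the real anyPolicy OID from RFC 5280

# Placeholder OIDs, constructed for this example (not real assignments).
XYZ_BUSINESS = "1.3.6.1.4.1.99999.1"   # "XYZ company business"
CASUAL_EMAIL = "1.3.6.1.4.1.99999.2"   # "suitable for casual email"
US_TOP_SECRET = "1.3.6.1.4.1.99999.3"  # "U.S. Top Secret"
CA_RESTRICTED = "1.3.6.1.4.1.88888.7"  # "Canadian Restricted"


@dataclass
class Cert:
    subject: str
    policies: frozenset                            # certificatePolicies OIDs
    mappings: dict = field(default_factory=dict)   # issuerDomainPolicy -> subjectDomainPolicy


def valid_policies(anchor_policies, chain):
    """Walk chain (certificate issued by the root first, end entity last).

    Returns a dict whose keys are the policies valid for the last certificate
    (expressed in its issuer's domain) and whose values are the trust-anchor
    domain policies they descend from via mappings.  Empty dict: no valid
    policy, so the end-entity key is not trusted for any purpose.
    """
    valid = {p: p for p in anchor_policies}
    for cert in chain:
        if ANY_POLICY in cert.policies:
            pass  # anyPolicy asserts every policy: no further restriction
        elif ANY_POLICY in valid:
            # anchor trusted everything; the chain now narrows it
            valid = {p: p for p in cert.policies}
        else:
            valid = {p: root for p, root in valid.items() if p in cert.policies}
        if not valid:
            return {}
        # A CA's policyMappings rename its own policies into the subject's
        # domain for the certificates the subject will issue.
        valid = {cert.mappings.get(p, p): root for p, root in valid.items()}
    return valid


def acceptable_for(purpose, purpose_oids, anchor_policies, chain):
    """True when the end-entity key may be trusted for `purpose`.

    purpose_oids maps a purpose name (the "X" in the thread) to the OIDs,
    in the trust anchor's domain, that the user accepts for it.
    """
    valid = valid_policies(anchor_policies, chain)
    if ANY_POLICY in valid:
        return True
    wanted = purpose_oids.get(purpose, set())
    return any(root in wanted for root in valid.values())


# Constructed configuration: what this user's organisation accepts.
PURPOSES = {
    "official business": {US_TOP_SECRET, XYZ_BUSINESS},
    "casual email": {CASUAL_EMAIL},
}
ANCHOR = {US_TOP_SECRET, CASUAL_EMAIL}  # policies the trusted root is trusted for

# Constructed chains under that root.
MAPPED_CHAIN = [
    Cert("US CA", frozenset({US_TOP_SECRET}), {US_TOP_SECRET: CA_RESTRICTED}),
    Cert("Canadian CA", frozenset({CA_RESTRICTED})),
    Cert("alice@example.ca", frozenset({CA_RESTRICTED})),
]
CASUAL_CHAIN = [
    Cert("Mail CA", frozenset({CASUAL_EMAIL})),
    Cert("bob@example.com", frozenset({ANY_POLICY})),  # anyPolicy cannot escalate
]
UNMAPPED_CHAIN = [  # foreign OID asserted directly, with no mapping from the root
    Cert("Canadian CA", frozenset({CA_RESTRICTED})),
    Cert("carol@example.ca", frozenset({CA_RESTRICTED})),
]
NO_POLICY_CHAIN = [Cert("dave@example.com", frozenset())]

if __name__ == "__main__":
    for name, chain in [("mapped", MAPPED_CHAIN), ("casual", CASUAL_CHAIN),
                        ("unmapped", UNMAPPED_CHAIN), ("no policy", NO_POLICY_CHAIN)]:
        for purpose in PURPOSES:
            print(f"{name:10s} {purpose:18s} ->",
                  acceptable_for(purpose, PURPOSES, ANCHOR, chain))
```

The mapped chain is the "U.S. Top Secret implies Canadian Restricted" case: the leaf asserts only the Canadian OID, yet it is accepted for "official business" because the US CA's mapping ties that OID back to a root-domain policy the user accepts. The same Canadian OID without a mapping is rejected, and a leaf asserting anyPolicy under the casual-email CA stays usable only for casual email.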