Forwarded message:
To: Bob Jueneman <BJUENEMAN@novell.com>
cc: cme@cybercash.com, banisar@epic.org, spki@c2.net
Subject: Re: legal question about certs
Date: Wed, 25 Jun 1997 21:09:17 -0400
From: Steven Bellovin <smb@research.att.com>
Unfortunately, the argument is circular. If you are concerned
about a rogue CA issuing a certificate to someone who never
heard of that CA, that CA could invent whatever public/private
key pair they wished, and embed that key in the certificate
they are issuing!
Yup -- this is an important point, and one I'd mentioned privately to
a few folks. Without a countersignature by an independent party,
you lose non-repudiation. That is, if a bank is the sole certifier
of the certificate nominally associated with my bank account, it's
much harder for them to prove to the judge that I made certain withdrawals.
After all, I could claim that that wasn't my certificate, but one they
concocted out of whole cloth.