W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

Re: "Onion model" explained

From: Pete Wenzel <pete@seebeyond.com>
Date: Thu, 11 Jul 2002 17:59:18 -0700
To: Joseph Hui <Joseph.Hui@exodus.net>
Cc: Christopher B Ferris <chrisfer@us.ibm.com>, Hal Lockhart <hal.lockhart@entegrity.com>, www-ws-arch@w3.org
Message-ID: <20020711175918.A2523@seebeyond.com>

Thus spoke Joseph Hui (Joseph.Hui@exodus.net) on Thu, Jul 11, 2002 at 04:27:32PM -0700:
> [snip]
> >> >Presumably she requires some proof of possesion, a certificate
> >> >alone proves nothing, but this is a side issue.
> >> 
> >> A certificate proves nothing?  By certificate I meant a cert 
> >> that Alice
> >> deemed trustworthy, say a CA signed cert.  Now, if a CA signed cert,
> >> which millions of Internet shoppers trust their money to, 
> >> means nothing
> >> to you, then I don't think we'll go anywhere on the issue.
> > 
> > A certificate alone means nothing, even one that is CA 
> > signed, absent a CPS.
> 
> Well, it means whatever Alice deems trustworthy or otherwise,
> assuming Alice already practices "safe certs," such as
> checking the CRL (Cert Revokation List) with due dilligence.
> [snip]

These are all important considerations for establishing a
certificate's trustworthiness, but I think you are both still missing
Hal's "proof of possession" point.  The fact that I can present some
random certificate to you, even if it passes all validity checks, only
serves as identification.  My identity is not authenticated (bound to
the identifiers in the cert) unless I can actively prove to you that I
am the subject of said cert.  (This by demonstrating that I can sign a
challenge nonce, verifiable using the cert's public key; or that I can
decrypt something that you have encrypted with it.)

--Pete
Pete Wenzel <pete@seebeyond.com>
SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)
Received on Thursday, 11 July 2002 20:59:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:01 GMT