Complaint about RSA "control"

vcerf@nri.reston.va.us Wed, 25 March 1992 17:22 UTC

To: pem-dev@tis.com
Subject: Complaint about RSA "control"
Date: Wed, 25 Mar 1992 12:15:24 -0500
From: vcerf@nri.reston.va.us
Message-Id: <9203251215.aa17741@NRI.Reston.VA.US>
Sender: pem-dev-relay@tis.com

Would the author(s) of the current version of RFC1114-succ please
respond to Windsor with copy to pem-dev. I already asserted that
the ISOC would authorize other than RSA to function as PCA.

Windsor obviously would benefit from seeing the most recent draft.

Vint

------- Forwarded Message

Return-Path: <mark@windsor.a92104.sai.com>
Message-Id: <29cffa4c@windsor.a92104.sai.com>
Date: Tue, 24 Mar 92 23:17 EST
To: vcerf@NRI.Reston.VA.US
From: Mark Windsor <mark@windsor.a92104.sai.com>
Subject: Re:  RSA PEM RSAREF Certificates

Vint - Thanks for your letter about RSADSI's role in producing
signature certificates.

I am looking at the Internet draft successor to RFC 1114, dated
June 28, 1991.  Appendix B discusses how certificate management would
work in areas covered by the RSA patent.

Page 35 discusses in general terms the two ways in which key certificates
would be created.  "In the first scenario, an organization acquires
a trusted Certificate Signature Unit (CSU), which allows it to...
issue certificates to its users....  RSADSI will make available
functional and security specifications for CSU vendors, but retains
ultimate authority for approval of CSUs for use with its certification
hierarchy.

"The second scenario... calls for [lower-volume] organizations to act
in concert with a 'Co-Issuer,' a role which RSADSI will fill, at least
initially."

Page 38 discusses the Co-Issuer scenario in more detail.  "When RSADSI
(or an entity designated by RASDSI[sic]) acts as a Co-Issuer of
certificates on behalf of an organization which does not possess a CSU,
the Co-Issuer actually signs certificates for the organization...."

As you can see, in either the CSU or Co-Issuer scenarios RSADSI has
de facto control over the signature process.  In the CSU scenario
it is RSADSI which sets the specifications for the CSUs, and RSADSI
which actually gets to approve the devices.  Other parts of the document
describe how RSADSI enables and queries these devices through mail
messages.  With their tamper-resistant features, these devices are,
in effect, little pieces of RSADSI brought into the signing organization.

The more common case, I imagine, will be for a Co-Issuer to do the
signing.  Here again, Co-Issuers are either RSADSI itself, or an
entity designated by RSADSI.  Once again, RSADSI controls the process.

> The way PEM is set up, RSA does not have a monopoly on
> signing certificates. The Internet Society expects to
> authorize a number of organizations to sign certificates and
> to issue keys. The only RSA concern in the matter is that,
> where their patent applies, organizations engaged in
> the practice of RSA algorithms have suitable license from
> RSADSI to do this.

Perhaps a newer draft of the RFC 1114 will weaken the statements I have
cited above, but it appears to me that RSADSI is retaining considerably
more control than you suggest.

Specifically, how do these organizations authorized by the Internet Society
to sign certificates fit into the system described in RFC1114?  Are they
Co-Issuers (but RSADSI gets to "designate" Co-Issuers)?  Or are they the
clients of Co-Issuers, the Certifying Authorities (in which case they
don't actually sign keys, RSADSI or a Co-Issuer it designates signs keys
on their behalf)?

Mark Windsor

------- End of Forwarded Message