Policy-Discussion

[Eva Stöwe <eva.stoewe AT cacert.org>]

Dear Ian,

> You might be able to construct an argument that "big companies" should
> be able to share .. but I prefer to view it as naked power.  Big
> companies can get away with stuff that small people can't.  Which
> therefore causes me personally to invoke the anti-discrimination
> clause;  so if a big Belgian company can share the world's secrets
> without impunity then we have to do something other than just write
> empty words which only apply if and when we have small victims.

do I understand you right?

There are rules that forbid something. Someone manages to get away. You
are angry about this and now you say the rules should go, because there
was someone who got away?

Yes, one should do more. What about setting an example that one would
not like to tolerate it? Even to be loud about it?

(There is a lot more people can do and maybe even try to do, but that is
not the point of this discussion.)

>> Now for another gedankenexperiment. Consider you have a big company who
>> issues some certificates to their employees with which those employees
>> should communicate to keep the business secrets secure. Than you learn
>> that one of your employees has shared his key with an employee of a
>> rival and the rival beats you in a competition and you lose big numbers
>> of money because of the rival knew what you planned and where your weak
>> points where. I think you would sack said employee and you would sue him
>> for this. You probably would win this case,
> 
> On the facts above, yes.  The security involved protecting the business
> secrets.  The act of the employee was designed to defeat that purpose.
> 
> It does not meet CCA 2.5-4.

Correct, there was no CCA involved and CAcert was not involved anywhere. ;-)

>> So even if one country declares that one has to share everything with
>> them, this will be illegal everywhere else and following this can lead
>> to quite harsh legal issues everywhere else.
>>
>> Sharing keys and by this secrets (even "unimportant" details can make a
>> big difference) is banned more or less in every context and one has to
>> expect harsh punishment for it.
> 
> CCA requires you to secure your private keys, and specifically brings in
> the risks of others, making this quite broad.  It uses the word 'secure'
> because it is tied to the semantics or high level meaning of what you
> are trying to really protect.
> 
> It doesn't list any particular precautions because that is too hard to
> do in CCA.  E.g., there is no requirement in CCA to use a HSM or a
> keyfob or a password, even.
> 
> For the same motive, it doesn't say "don't share keys" because "sharing"
> is a complicated issue.  If I put my key on a HSM and I share the HSM,
> have I shared the key?

Bennys proposal does not say "don't share keys" as well:

"to secure your private keys, ensuring attributability to their intended
context,"

There are no particular precautions named. The new point introduced is
that one should aim for the keys not leaving the context they are issued
for.

>> Why should it be different within CAcert? Why should we state that we
>> allow to do so - with only saying "should not"?
> 
> It's not the case that sharing keys is banned under all or even most
> circumstances;  indeed there are specific provisions in the CP/CPS where
> the sharing should be defined.

Yes, the proposed change takes this into account.

-- 
mit freundlichen Grüßen / best regards
Eva Stöwe
CAcert Assurer
CAcert Case Manager & Arbitrator
CAcert.org - Free Certificates
E-Mail: 
eva.stoewe AT cacert.org

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature