[Jsdsi-users] Re: Opnion

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Luis,

This is an interesting idea.  You're essentially proposing that each
user sign a statement that says that they did some task (such as
create a document, in your example).  This serves as a signed audit
trail that can later be used to check whether people are doing their
jobs and (possibly) track down security problems.  But it's not clear
whether signed logs really help, since if someone breaks into my
account and gains access to my private key, they can sign logs saying
whatever they want.  But let's assume for now that we want signed
logs...

One way to model this in SPKI/SDSI is with a cert whose subject is an
ObjectHash of the object that was created / modified (e.g., the
document).  But it doesn't make much sense for this to be an AuthCert
(you're not authorizing the document) or a NameCert (you're not naming
the document), so you need some other way to make the statement (e.g.,
a LogCert).  I can see why you used a "tag" here---tags provide a
generic way to make any statement---but I don't think they're really
approprate (what does a SetTag or PrefixTag mean for a LogCert?)  So
it seems like we need some other way to express what happened.

Perhaps a Cert is the wrong model altogether.  You're not really
certifying anything.  But what you might want is for each log entry to
include a hash of the log entries that preceded it.  This would be
cryptographic evidence of causal order, i.e., if my log entry "sold
some stock" includes the hash of your entry "discovered fundamental
flaw in business model," then people might question whether I had just
engaged in soem insider trading :)  Of course, you would need a system
that forced me to include the hash of the most recent log entry for
this to work.

I can't say more on this right now, but it's an inetresting topic. 
I'm CC'ing jsdsi-users.

Sameer

On Mon, 28 Jun 2004 16:54:04 +0100, Luis Pedro <lp...@ne...> wrote:
> 
> Sameer,
> 
> With all the work and the latest errors on jsdsi :), i forgot to ask you
> your opnion about one thing.
> 
> Some guys here, proposed that after the certificates had been proved and the
> operation performed some register should be keeped of that operation and
> stored with the information of who done it, to prevent repudiation.
> 
> Of every ideias that they gave i personally didn't like none and i had the
> ideia of making a LogCertificate basead on s-exps. The LogCertificate serves
> only to keep information of the user that performed the operation, it's not
> to be used on an kind o proving. The result was a certificate like this(just
> with issuer, tag, date and signed):
> 
> (sequence
>     (cert
>        (issuer
>          (public-key
>            (rsa
>              (e #010001#)
>              (n
> 
> |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
> Y0Ix1laylkbEmgO/
> 
> m4/MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd
> 5gBuj|))))
>        (tag "criar documento")
>        (date "2004-06-27_15:05:32"))
>      (signature
>        (hash md5 |T09AkMhiysUE6HHxKEMbcQ==|)
>        (public-key
>          (rsa
>            (e #010001#)
>            (n
> 
> |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
> Y0Ix1laylkbEmgO/m4/
> 
> MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd5gB
> uj|)))
>        (MD5withRSA
> 
> |AdlEIhnXmQMpzonnQsL4Htp9ACzQtAYTNoS0y1XfA3qLTd7qJ2CYJ0b8YsFpY31pkSNYpS8iYWP
> BNrfn68yKCu5Xs2aQR
> 
> CQTGplUPeWGtk627XdFZJN2N6NgD5e423tn0OwxIZ1sLR0rpIkcNTh9z/J9VXoJoyfgcGGXa5wZZ
> v4=|)))
> 
> What i want to ask u is if exist another way or even better way of storing
> this kind of information about the operation performed by a user?
> 
>         Thanks,
> 
>                 -- Luis Pedro
> 
>