Re: Principles and Principals
At 03:28 PM 9/26/97 -0700, Patrick Richard wrote:
Not necessarily if you use a non key-centric approach.
(not to stir up the semantic flames again)
I know this is kind of semantic BS, but the above is not a
key-as-principal system (key-centric is another term used to describe
this). I was referring to key-centric systems when I stated that
"you can't solve revocation in a key-as-principal system".
(supporting both 'revoked-key centric' and 'key-centric' means that
you are in actual fact supporting tagged-centric systems which
means that they aren't key-centric, they are tag-centric and that
the tags just happen to refer to keys :-))
I guess this should all be taken with the original message in mind,
which was one in which a poster mentioned something like "wouldn't
it be great if the whole PKI was based on hashing someone's key"...
Sorry to turn the semantic BS table on you, Patrick, but what is the major
problem, then? (insert smirk here) I don't see how the problem is different
for name-centric or key-centric systems. Perhaps this is because I really
don't see the difference on some level; I see a DN and a key fingerprint to
each be a binary string that is not my name. All the other stuff is just
falderal to check the validity of an assertion.
I think we're in violent agreement here. No one is saying tags aren't
important. No one is saying names aren't important. Furthermore, I haven't
heard anyone say they think that signed statements without names are a bad
idea. This is why 509 has attribute certs, as someone said before.
Jon Callas jon@xxxxxxx
Chief Scientist 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)