Re: attribute encryption (was: Re: X.509 ACs vs. SPKI?)

["Bob Blakley" <blakley@xxxxxxxxxx>]

Denis Pinkas writes:

>The complexity lies in the fact that to encrypt a field the public key of the
target is
>needed. This places an additional constraint in terms of key management: this
mandates
>targets to possess public encryption keys while ACs may work without the
target to have
>such keys and certificates. This "doubles" the complexity. I would like AC to
be
>deployable without the need for targets to possess any private key, which is
possible as
>long as attributes are in clear text.

I fear the added complexity much more than doubles....

>To be very precise, I would like a basic document NOT supporting encrypted
attributes.
>If you think it is very important, then make a *separate* document so that I
can refer
>to one (simple) RFC and so that I comply with it without any need/requirement
for
>supporting encrypted attributes and the related infrastructure.

I agree with Denis here.

--bob

Bob Blakley (blakley@dascom.com)
Chief Scientist, Dascom


BEGIN:VCARD
VERSION:2.1
N:Blakley;Bob
FN:Bob Blakley
ORG:Dascom
TITLE:Chief Scientist
TEL;WORK;VOICE:+1 (512) 458-4037 x 5012
TEL;WORK;FAX:+1 (512) 458-2377
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Plaza Balcones=0D=0A5515 Balcones Drive;Austin;TX;78731;USA
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Plaza Balcones=0D=0A5515 Balcones Drive=0D=0AAustin, TX 78731=0D=0AUSA
URL:
URL:http://www.dascom.com
EMAIL;PREF;INTERNET:blakley@dascom.com
REV:19990608T185319Z
END:VCARD