From: Florian Weimer (fw@deneb.enyo.de)
Date: Sat May 05 2001 - 12:23:53 CDT
Brad Templeton <brad@templetons.com> writes:
> On Tue, May 01, 2001 at 11:59:40AM +0200, Florian Weimer wrote:
> > Brad Templeton <brad@templetons.com> writes:
> >
> > > With a proper certificate system, you only need to use a few keys.
> >
> > Could you describe this certificate system? Is it practical?
>
> Wow. Well, there are tomes and tomes on certificate systems. I
> won't pretend they are simple. However, there are now some free
> libraries, like Matt Blaze's "keynote" that we could use to do the
> work.
Well, I was looking for a much higher-level description.
IMHO, your proposal has the following weak points:
* Tree-based structure
A tree-based structure always has scalability problems. Soon, we're
going to have a forest of several trees, I fear, because some
hierarchies want to use their own system. In addition, people might
want to have multiple issuers certifying trusts for some key until
they grant it some critical rights.
* Certification chain distributed in each cancel
Implementations probably need a database to cache trust values and
certificate revocation list (CRLs) to avoid performance problems, so
the distribution of complete certification chains doesn't by you much,
and it's clearly impractical in the forest scenario.
* Keys used for certifying trust can certify cancels
This must be separate. Certifying cancels is needed on a regular
basis most of the time, so the corresponding key cannot be kept as
secure as the trust certification key needs to be.
* Lack of interoperability
If we deploy our own infrastructure which is completely separate from
the existing X.509 or OpenPGP approaches, we'll reinvent a few wheels,
I think. Maybe a special, stripped-down signature is used for
certifying cancels
* Hard problems are still unsolved
There are some fundamental questions which are still open:
- Who is willing to write the top-level policy?
- Will this policy be enforced? And how?
- Who is going to maintain the necessary network infrastructure
(e.g. CRL distribution servers)?
- Who writes and maintains the software?
- How man news admins want to participate as issuers and users?