From: Brad Templeton (brad@templetons.com)
Date: Mon May 07 2001 - 13:17:47 CDT
On Mon, May 07, 2001 at 11:04:03AM +0000, Charles Lindsey wrote:
> In <20010504102239.C20860@main.templetons.com> Brad Templeton <brad@templetons.com> writes:
>
>
> No it is NOT implicit. It is perfectly possible to define a scheme for
> signing articles and to leave the question of propagating, storing,
> revoking and certifying keys to a later standard. We already discussed
> such a scheme extensively on this list 6 months ago, but only stopped it
> in order to push ahead with other priorities.
I disagree. Defining what a key and signature are on their own is
worthless. Something must be done to associate a key with an attribute,
in particular a permission to perform a privileged action.
That _can_ be done by putting a file in your software which contains a
list of all the keys and what attributes and permissions you associate with
them.
That is certification, by the way, but it is not with digital signature but
instead by virtue of only admins having access to the file.
You can build independent systems to somehow maintain and update these lists
remotely and delegate who can modify them, and there are even cumbersome
ways to do that without digital signature, such as userids and passwords.
You can also do all changes manually.
It can also be done by a certificates in the articles themselves, which
point up to a small set of keys, which are installed once (in fact probably
come with the software) and include keys with the power to change the small
list remotely if it's ever needed.
However, if you leave the problem unsolved, for manual and ad-hoc solutions,
you will of course get a variety of incompatible ones, and create an
administration nightmare for the people running the system.
And for the people using it.
Take the simple problem of creating a new moderated group. You would like
the moderator and her delegates to be the only one to post and cancel there.
How does the moderator get her key, along with its assocation with moderator
permissions on the given newsgroup, distributed out to all the sites
on the net that use signature checking?
You are in effect saying, "we will define how the moderator might sign
articles, but we don't need to answer the question of how the moderator's
key gets out."
If you don't answer the question, what do you think will happen? How long
will it take a new moderator's key to get out?
Or are you suggesting simply that a cert system will be defined later?