From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Mon Oct 15 2001 - 04:58:08 CDT
In <20011012111759.C4901@main.templetons.com> Brad Templeton <brad@templetons.com> writes:
>On Thu, Oct 11, 2001 at 04:47:07PM +0000, Charles Lindsey wrote:
>>
>> Now an article needs to be signed by only one key, because you can look up
>> in your database the whole history of why you should trust it.
>One of the key factors to this debate is you believe there is complexity
>to a certificate system which does not exist in manual files. This is
>not true. One way or another, there needs to be information stored
>in some fashion that configures the trust relationships.
>For example, you might propose a file (keyring) where keys are stored, and
>something is stored to associate a key with an authorization (like
>newgroup in comp.) This file has to have a format, a syntax. It is
>spread out but that is exactly what a certificate is. A certificate is
>an association between a key and an authorization, and it has a syntax.
>The only difference is the one on disk gets its blessing because you hard
>coded blessing to that disk file, and the certificate (found in the
>article) gets its blessing because it is signed by a key. This is popped
>up a level and that key is trusted because it is in the blessed disk file,
>though since the syntax remains the same, this is just an extra level of
>indirection.
On the contrary, it gets its blessing because the file also contains the
certificate that blesses it. The sysadmin only needs to hard-code his
personal blessing to a few top-level certificates.
But the great advantage of that scheme is that all the blessing chains are
precomputed in the file. You request a key, and it come back saying "this
key is already knwon to be trusted according to the criteria you have
specified". This is exactly how the PGP Key Ring operates. It may not be
perfect for our task, but it is Pretty Good (which is all it ever claimed
to be).
Moreover, this is a much better way to handle revocations. When a
revocation arrives on the Key Ring, it immediately locates the key
affected and labels it as revoked. There is NO separete CRL in the PGP Key
Ring.
>> >Why is putting the certificates in the articles so bothersome to you?
Because they are large and cumbersome. They may be better in the case
where millions of keys exist on Usenet, and every site needs to be able to
verify any of them, but I don't accept that is a ball park we want to be
playing in.
>>
>> What your scheme carefully omits to mention is the matter of revocation.
>> There absolutely MUST be a worldwide database of revocations, cached
>> locally. If you are going to have that database anyway, then you may as
>> well keep ALL the keys in it.
>If you have read the proposals, years old as they are, you would see that
>they deal with revocation. In fact, I have often brought up the issue
>of revocation as important because it demands that it must be servers
>which handle authentication, not clients. Clients can't reasonably keep
>a CRL.
>When this is done you only have to keep a cert in the CRL until it expires.
I agree that the main signing keys for newgrouping etc ought to have
expiry dates, but sadly they don't at the moment, and we have to live with
that.
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5