Re: Authentication, cancels, etc


From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Tue Oct 16 2001 - 04:45:01 CDT


In <20011015124918.D10181@main.templetons.com> Brad Templeton <brad@templetons.com> writes:

>In a certificate collapse (which I've talked about a lot so I am surprised
>you were unaware) the holder of a chain of certificates sends the chain
>to the holder of the top key in the chain. That holder (or a daemon as this
>can easily be automated) converts the chain into a single certificate
>signed by the top key.

That is not the key collapse system as you have usually advocated it. I
can see some merit in it, but it removes the possibility for the
individual user to check the complete chain, and it places even more
reliance on what was already the weakest link in the chain (i.e. Tale in
your example).

In the distributed database method such as I have advocated, the full
evidence is contained in the database, for anybody who wants to inspect
it.

>One can in theory go further. For example, a "hub site" that knows all its
>leaf downstreams and is trusted by them could replace it all mid-stream,
>if you want to be efficient, with a simple signature, or if the link is
>trusted a single flag that says, "Your hub confirms this article is trusted"

Yes, that is what you have usually proposed as "key collapse". And it will
not wash, since it implies articles being changed during transit, contrary
to what we have always agreed.

>However, I don't recommend this any more because I think it's better to
>leave the audit trail behind.

Yes, the original complete key is still needed, so that suspicious minds
can check it.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
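
The trade-off argued over in this message, as an added example that is not part of the original post: a full chain lets any reader check each link, while a collapsed certificate verifies with the top key alone and carries no trace of the intermediates. Toy textbook RSA over Mersenne primes stands in for a real signature scheme, and the names top, mid and leaf and all function names are hypothetical.

```python
import hashlib

E = 65537  # toy textbook RSA, illustration only; not a secure signature scheme
M = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]  # known Mersenne primes

def keypair(p, q):
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(n, subject, subject_n):
    h = hashlib.sha256(f"{subject}|{subject_n}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(issuer, key, subject, subject_n):
    """Certificate: issuer's signature over the subject's name and public key."""
    sig = pow(digest(key["n"], subject, subject_n), key["d"], key["n"])
    return {"issuer": issuer, "subject": subject, "subject_n": subject_n, "sig": sig}

def cert_ok(cert, issuer_n):
    expected = digest(issuer_n, cert["subject"], cert["subject_n"])
    return pow(cert["sig"], E, issuer_n) == expected

def verify_chain(chain, top_n):
    """Walk every link from the top key; return the final subject key or None."""
    n = top_n
    for cert in chain:
        if not cert_ok(cert, n):
            return None
        n = cert["subject_n"]
    return n

def collapse(chain, top_name, top_key):
    """Top key holder checks the chain, then reissues it as one certificate."""
    if verify_chain(chain, top_key["n"]) is None:
        raise ValueError("chain does not verify")
    leaf = chain[-1]
    return issue(top_name, top_key, leaf["subject"], leaf["subject_n"])

def intermediates(chain):
    """Issuers below the top key that a reader can still see and audit."""
    return [c["issuer"] for c in chain[1:]]

# Constructed sample: top certifies mid, mid certifies leaf.
TOP, MID, LEAF = keypair(M[0], M[3]), keypair(M[1], M[2]), keypair(M[0], M[2])
CHAIN = [issue("top", TOP, "mid", MID["n"]), issue("mid", MID, "leaf", LEAF["n"])]
COLLAPSED = collapse(CHAIN, "top", TOP)
```

The collapsed certificate is byte-for-byte what the top key holder would produce by certifying leaf directly, so a reader holding only it cannot tell whether a chain was ever checked.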

