
naming

  It seems to me that there are two kinds of naming that need to
be supported.  There are probably several mechanisms that could
be used to support such certificates.

  The first kind of naming is a simple host-to-host mapping (probably
using fully qualified domain names or using IP addresses to
distinguish entities).  Signed host-keys from the DNS are an example
of a practical way to handle this case.

  The second kind of naming is a user-to-user mapping (probably using
Internet mailbox names -- user@host.domain initially, though other
forms might also be used).  I, for one, do not believe that it is a
requirement that a single user certificate support all of the possible
mailboxes of a user.  That would be "nice" to have and I'd be
interested if a specific scalable approach were proposed, but it isn't
required IMHO.  PGP certificates meet my minimum requirements, for
example.

  It is conceivable that one might want to use a user certificate for
one party to a session but use a host certificate for the other
party to the session.

  I suspect that none of this is unique to Photuris, though it does
seem to apply to Photuris.  I want to avoid going down any road that
would _require_ us to use X.509 though I don't have any problem with
making that an option that mutually consenting parties could use if
they wished to do so.

Ran
rja@cs.nrl.navy.mil
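The post distinguishes two identity name forms (host names as FQDNs or IP addresses, and user names as Internet mailboxes) and notes that the two sides of a session may carry different kinds. The example below is added here and is not code from the post or from the Photuris work; it is a small name-form parser that classifies a claimed identity as a host or a user name, normalizes it the way a certificate-matching check would need to (host part case-insensitive, mailbox local part case-preserved), and reports whether a session pairing is mixed. All names in it are constructed sample input, and the function names are the example's own.

```python
"""Classify the two kinds of identity names discussed in the post.

Host identity: a fully qualified domain name or an IP address.
User identity: an Internet mailbox, local@host.domain, whose host part is
itself a host identity.  Added example; not part of the original post.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Literal, Tuple, Union

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Unquoted mailbox local part (dot-atom); quoted forms are deliberately not handled.
LOCALPART_RE = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]{1,64}$")


@dataclass(frozen=True)
class HostName:
    kind: Literal["fqdn", "ipv4", "ipv6"]
    value: str  # normalized: lowercase FQDN without trailing dot, or compressed IP


@dataclass(frozen=True)
class MailboxName:
    local: str  # case is significant per RFC 5321, so it is kept as given
    host: HostName


Identity = Union[HostName, MailboxName]


def parse_fqdn(name: str):
    """Return a normalized FQDN, or None if `name` is not one."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2:  # a single label is not "fully qualified"
        return None
    if not all(LABEL_RE.match(label) for label in labels):
        return None
    if labels[-1].isdigit():  # an all-numeric top label is never a valid TLD
        return None
    return name.lower()


def parse_host(text: str) -> HostName:
    """Classify a host identity as an IP address or an FQDN."""
    try:
        addr = ipaddress.ip_address(text.strip("[]"))  # allow [1.2.3.4] literals
        return HostName("ipv4" if addr.version == 4 else "ipv6", addr.compressed)
    except ValueError:
        pass
    fqdn = parse_fqdn(text)
    if fqdn is None:
        raise ValueError(f"not a host name: {text!r}")
    return HostName("fqdn", fqdn)


def parse_mailbox(text: str) -> MailboxName:
    """Split local@host, validating both halves."""
    local, sep, host = text.rpartition("@")
    if not sep or not local or not host:
        raise ValueError(f"not a mailbox: {text!r}")
    if (not LOCALPART_RE.match(local) or local.startswith(".")
            or local.endswith(".") or ".." in local):
        raise ValueError(f"bad local part: {local!r}")
    return MailboxName(local, parse_host(host))


def parse_identity(text: str) -> Identity:
    """Dispatch on the presence of '@': mailbox (user) or host identity."""
    return parse_mailbox(text) if "@" in text else parse_host(text)


def cert_covers(cert_names: List[str], claimed: str) -> bool:
    """True if a certificate binding `cert_names` covers the claimed identity.

    Comparison uses the normalized forms, so host parts match case-insensitively
    and with or without a trailing dot, while mailbox local parts must match exactly.
    """
    target = parse_identity(claimed)
    return any(parse_identity(name) == target for name in cert_names)


def session_peer_kinds(initiator: str, responder: str) -> Tuple[str, str]:
    """Report ('host'|'user', 'host'|'user') for the two parties to a session."""
    return tuple(
        "user" if isinstance(parse_identity(p), MailboxName) else "host"
        for p in (initiator, responder)
    )


if __name__ == "__main__":
    # Constructed sample input, mixing a host certificate on one side
    # and a user certificate on the other, as the post says is conceivable.
    print(parse_identity("gw.example.com"))
    print(parse_identity("user@[2001:DB8::1]"))
    print(session_peer_kinds("gw.example.com", "rja@cs.nrl.navy.mil"))
    print(cert_covers(["rja@cs.nrl.navy.mil"], "rja@CS.NRL.NAVY.MIL"))
```

The matching rule in `cert_covers` is the part worth getting right in practice: folding the host part is correct because DNS names are case-insensitive, but folding the local part would let a certificate issued for one mailbox satisfy a claim for a differently cased one that the mail system may treat as distinct.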