
The word "certificate"

>Subj: Re: My comments on the X/Open PKI requirements document

At 11:46 AM 4/5/96 -0800, Bill Frantz wrote:

>At least on SPKI, I think we have realized that there are two, almost
>totally unrelated problems being addressed.  These are the problems of
>establishing trust and establishing a "true name".  For many applications
>(e.g. distributed capability systems), you don't need "true names", but you
>do need to be able to establish that the caller indeed possesses the
>capability being invoked (a form of trust).  (The interesting item here is
>that you don't absolutely need certificates for distributed capabilities.)

I have the habit of using the word "certificate" to mean any signed statement while I'm sure some others use the word to refer only to a signed binding between a name and a key.

Which way were you using the word in your last sentence?

 - Carl
From: hallam@w3.org
Message-Id: <9604052045.AA03506@zorch.w3.org>
To: Carl Ellison <cme@cybercash.com>
Cc: spki@c2.org, hallam@w3.org
Subject: Re: My comments on the X/Open PKI requirements document 
In-Reply-To: Your message of "Fri, 05 Apr 96 12:51:52 EST."
Date: Fri, 05 Apr 96 15:45:22 -0500

In response to Carl's point on the User Interface

I remember trying to set up the SECUDE X.500 directory. This proved to
be impossible because the documentation assumed that you were already
operating within an established X.500 directory. The software would not
accept a key unless it was authenticated by a pre-existing key. There
did not seem to be an easy way of overriding this.

The point I am making is that we must consider not only the steady
state when there is a global infrastructure in existence. We must consider the
path to steady state; if this is infeasible then a global key infrastructure

I agree with Carl that the number of standards bodies going after a problem
does not mean that there is a solution. I don't believe that PKI is a
technical or cryptographic problem; it is a social problem. Our tools are
likely to include sociology and philosophy (and editors with backspace keys).

As far as the IETF is concerned we have had multiple groups go after the
same problem many times. We have accepted standards defined outside the
IETF if they have proven more acceptable/successful in the marketplace.

The point about the IETF is that it is an open process. There could be seventy
closed ISO or ANSI committees and there would still be a rationale for
an IETF committee.