Re: SDSI and key distribution

[Wei Dai <weidai@eskimo.com>]

Earlier I argued that the key distribution problem is really not much of a
problem.  People can simply use hashes of their public keys wherever they
now use their e-mail addresses.  However I realized there is at least one
scenario where this might not work well:
Alice and Bob meet at a party.  They want to exchange public keys, but
Alice forgot to bring her business card.  Memorizing a 160-bit hash can be
somewhat cumbersome, even if they are nicely encoded.

Let me propose a simple solution to this problem: a secure public database
that allows lookup using arbitrary octect strings.  Each entry in the
database contains a Principal: object, and is indexed by a string that
serves as a short hand for the principal.  When the database is first
created, the popular index strings can be auctioned off.  Afterwards, they
are allocated on a first come, first serve basis.  Alice can register her
public key under the string "Alice", or if that string is already taken,
any other available index she likes.  Let's call this database ARB.  When
she meets Bob, she can just say, "My public key is ARB!!'s Alice."

The idea here is that ARB's local names are completely arbitrary and does
not necessarily have any relation to any other names (e.g., trade marks or
legal names).  They serve only as indices to the Principal: objects.

Wei Dai

---

Follow-Ups:

• Re: SDSI and key distribution
• From: Raph Levien <raph@cs.berkeley.edu>

References:

• SDSI and key distribution
• From: Wei Dai <weidai@eskimo.com>

---

• Prev by Date: Re: SDSI and key distribution
• Next by Date: Re: SDSI and PGP web of trust
• Prev by thread: Re: SDSI and key distribution
• Next by thread: Re: SDSI and key distribution
• Index(es):
  • Main
  • Thread