Re: SDSI and PGP web of trust

At 08:55 PM 5/1/96 -0700, Hal wrote:
>I see a couple of features which characterize the PGP web of trust.
>The first is the trusted signer.  I can mark a particular other person as
>being trustworthy.  Then every signature he makes, each of which binds a
>name to a key, I adopt as my own binding.

>In terms of SDSI, the first feature can be thought of as an automatic
>mechanism to resolve names based on someone else's namespace.  If I trust
>alice, then ( ref: alice bob ), which refers to a key and binds the name
>"bob" to the key, would produce a binding in my own namespace of bob to
>that key.  (In PGP terms, "bob" would be a full name and email address.)

I'm not positive I've followed you here, but I have had experience with
using bindings provided by others.  We had an e-mail system a while back
with nested scope of alias definition.  I had my own alias list and if my
alias wasn't found there, the mailer would look at a group alias list and,
if not there, the company alias list....

The result was that mail would occasionally go to people I'd never heard of,
thanks to typos in aliases.

To me, this is an inevitable side-effect of incorporating someone
else's active dictionary by reference without specifying it directly as in SDSI.

 - Carl
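
An added illustration, not part of the original message or of SDSI itself: the nested-scope alias lookup described above, next to a lookup where every name is resolved only in the namespace the reference names. All tables, addresses, key ids and function names are constructed assumptions; `resolve_ref` only models the ( ref: alice bob ) form quoted above.

```python
# Constructed sample data: every alias, address and key id below is made up.
PERSONAL = {"bob": "bob@example.com"}
GROUP = {"build-team": "build@example.com"}
COMPANY = {"bobb": "b.babbage@example.com"}  # a stranger who matches a typo

# Search order of the nested-scope mailer: narrowest list first.
SCOPES = [("personal", PERSONAL), ("group", GROUP), ("company", COMPANY)]


def resolve_implicit(alias, scopes=SCOPES):
    """Fall through to ever wider alias lists until something matches.

    Returns (scope_name, address) so the caller can see which list
    actually supplied the binding.
    """
    for scope_name, table in scopes:
        if alias in table:
            return scope_name, table[alias]
    raise KeyError(alias)


# Explicit model (assumption): one namespace per principal, and each
# binding maps a local name to that principal's key id.
NAMESPACES = {
    "key:me": {"alice": "key:alice", "bob": "key:bob-1"},
    "key:alice": {"bob": "key:bob-2"},
}


def resolve_ref(start, *names, namespaces=NAMESPACES):
    """Resolve a chain of names, each only in the namespace reached so far.

    resolve_ref("key:me", "alice", "bob") models ( ref: alice bob ).
    A name missing from the named namespace raises KeyError; no other
    namespace is searched on the caller's behalf.
    """
    current = start
    for name in names:
        current = namespaces[current][name]
    return current


if __name__ == "__main__":
    print(resolve_implicit("bob"))    # found in the personal list
    print(resolve_implicit("bobb"))   # typo silently resolved company-wide
    print(resolve_ref("key:me", "alice", "bob"))
    try:
        resolve_ref("key:me", "bobb")
    except KeyError as exc:
        print("unresolved:", exc)     # the same typo fails loudly
```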

