[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SDSI syntax -Reply

To: cme@cybercash.com, rivest@theory.lcs.mit.edu
Subject: Re: SDSI syntax -Reply
From: bjueneman@novell.com (Bob Jueneman)
Date: Wed, 08 May 1996 11:47:50 -0400
Cc: spki@c2.org, blampson@microsoft.com, bjueneman@novell.com

>>> Carl Ellison <cme@cybercash.com> 05/07/96 05:24pm >>>
At 12:24 PM 5/6/96 EDT, Ron Rivest wrote:
>
>>Bob Jueneman notes that large files (e.g. photos) and other documents may
>be common, as part of the discussion on canonicalization.

>One can use a (location,hash) pair to stand for any object -- no matter what size.  I, for one, would rather not send digitized photos or
voice along as part of a certificate I was using to get FTP access to some site.  I would want that to be small -- possibly referring to
such objects and incorporating them by reference but not schlepping them.

 - Carl

Carl,  you may have missed the original comment, where I discussed point-of-sale terminals, digital driver's licenses, etc., that would be
examined by a living person. I wouldn't suggest using a "mega-certificate" to access FTP files, although the question of how to
biometrically authenticate access controls at a distance is an interesting one (especially considering replay attacks).

The trade-off between including information in the certificate vs. having to retrieve the information from a remote source and compare
the message digest to the hash in the certificate cannot be made in a vacuum.  I can surely read information more quickly off ta CD-ROM
with a 6X or 8X drive than I can download it via modem at any speed less than T1.

Prev by Date: Re: SDSI syntax
Next by Date: The case against mega-certificates
Prev by thread: Re: SDSI syntax -Reply
Next by thread: Re: SDSI syntax -Reply
Index(es):
- Main
- Thread