Re: The case against mega-certificates
>> Just to try to bring out what I believe is the most important
>>part of SDSI - all users are logical peers and have equal rights to
>>define security policies. No more of the old VMS problem of having to
>>have OPER (system privilege) to create a rights identifier.
>Yup -- that's one of its beauties.
I think it is key in lowering the barrier to entry. As with the Web, don't
assume that the majority of your users have system privs. I think the statement
"users don't care about security" is wrong. I think the problem is that
end-users want security but they are not prepared to pay in sysop interactions
to get it.
>To me, the pointer/inclusion debate is one of performance. As long as we
>have secure references that can stand for various (bulky) fields, then we
>can be selective about transferral and hashing of those fields.
We had this argument when we were discussing how images should fit into the
Web. Some people wanted to use MIME to encapsulate the text and images in a
single "wrapper"; others wanted to keep them separate for the reason you

There is another feature to watch, however: if we are talking about authenticated
links we do not need to constrain ourselves to message digests. We could protect
the link with a public key which would allow us to reference both constants and

The critical advantage of this is that it would allow delegation to agents and
brokers. It would also allow for conditional delegation such as Silvio Micali's
S/Key certificate revocation scheme.
The problem I see with this is that we may be making the system too complex and
too intractable. Consideration must be made of precisely the conditions which
allow trust to be transferred. One distinction that might help in sorting this
out would be to separate mechanism and identity conditions. I.e. I may trust SHA
and RSA with a 1024-bit key length but decide that I don't trust MD5; those trust
criteria are going to place easy-to-determine boundaries on the Web of trust. On
the other hand it is much harder to decide issues to do with trusting other

For example a certificate that has a trusted link to another certificate needs
treating somewhat differently than one that has a link off to a photo of a user.
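
Added example, not part of the original message or of SDSI: a sketch of digest-protected links checked against a mechanism policy first, with certificate links and attachment links (such as a photo) treated differently. The link fields (`name`, `kind`, `alg`, `digest`), the use of SHA-256 to stand in for "SHA", and the reject-versus-drop rule are assumptions made for illustration.

```python
import hashlib
import hmac

# Mechanism policy (assumed for this example): MD5 is deliberately absent.
TRUSTED_DIGESTS = {"sha256"}

def make_link(name, kind, alg, data):
    """Build a reference that stands in for a bulky field: name plus digest only."""
    return {"name": name, "kind": kind, "alg": alg,
            "digest": hashlib.new(alg, data).hexdigest()}

def check_link(link, store):
    """Return 'ok', 'untrusted-mechanism', 'missing' or 'digest-mismatch'."""
    if link["alg"] not in TRUSTED_DIGESTS:
        return "untrusted-mechanism"  # decided before fetching or hashing anything
    data = store.get(link["name"])
    if data is None:
        return "missing"
    actual = hashlib.new(link["alg"], data).hexdigest()
    return "ok" if hmac.compare_digest(actual, link["digest"]) else "digest-mismatch"

def evaluate(cert, store):
    """Certificate links carry trust: any failure rejects the certificate.
    Attachment links do not: a failure only drops that field."""
    dropped = []
    for link in cert["links"]:
        status = check_link(link, store)
        if status == "ok":
            continue
        if link["kind"] == "certificate":
            return {"accepted": False,
                    "reason": f"{link['name']}: {status}", "dropped": dropped}
        dropped.append(link["name"])
    return {"accepted": True, "reason": None, "dropped": dropped}

# Constructed sample data (hypothetical names and contents).
ISSUER_CERT = b"(constructed) issuer certificate body"
PHOTO = b"(constructed) photo bytes"
STORE = {"issuer-cert": ISSUER_CERT, "photo": PHOTO}

GOOD = {"links": [make_link("issuer-cert", "certificate", "sha256", ISSUER_CERT),
                  make_link("photo", "attachment", "md5", PHOTO)]}
BAD = {"links": [make_link("issuer-cert", "certificate", "md5", ISSUER_CERT)]}

if __name__ == "__main__":
    print(evaluate(GOOD, STORE))  # accepted, photo dropped (MD5 not trusted)
    print(evaluate(BAD, STORE))   # rejected on mechanism grounds alone
```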