
Re: The case against mega-certificates
>>	Just to try to bring out what I believe is the most important 
>>part of SDSI - all users are logical peers and have equal rights to
>>define security policies. No more of the old VMS problem of having to 
>>have OPER (system privilege) to create a rights identifier.
>
>Yup -- that's one of its beauties.

I think it is key in lowering the barrier to entry. As with the Web, don't 
assume that the majority of your users have system privs. I think the statement  
"users don't care about security" is wrong. I think the problem is that 
end-users want security but they are not prepared to pay in sysop interactions 
to get it.


>To me, the pointer/inclusion debate is one of performance.  As long as we
>have secure references that can stand for various (bulky) fields, then we
>can be selective about transferral and hashing of those fields. 

We had this argument when we were discussing how images should fit into the 
Web. Some people wanted to use MIME to encapsulate the text and images in a 
single "wrapper", others wanted to keep them separate for the reason you 
describe.

There is another feature to watch, however: if we are talking about authenticated 
links we do not need to constrain ourselves to message digests. We could protect 
the link with a public key, which would allow us to reference both constants and 
variables.

The critical advantage of this is that it would allow delegation to agents and 
brokers. It would also allow for conditional delegation such as Silvio Micali's 
S/Key certificate revocation scheme.


The problem I see with this is that we may be making the system too complex and 
too intractable. Consideration must be made of precisely the conditions which 
allow trust to be transferred. One distinction that might help in sorting this 
out would be to separate mechanism and identity conditions. I.e. I may trust SHA 
and RSA with a 1024 bit keylength but decide that I don't trust MD5; those trust 
criteria are going to place easy-to-determine boundaries on the Web of trust. On 
the other hand it is much harder to decide issues to do with trusting other 
parties.

For example a certificate that has a trusted link to another certificate needs 
treating somewhat differently than one that has a link off to a photo of a user.

		Phill
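The two kinds of authenticated link contrasted above, as an added example in Go that is not part of the original post or of SDSI itself: a digest-protected link binds a reference to one fixed byte string (a "constant"), while a key-protected link binds it to a public key, so the referenced object can be re-published (a "variable") as long as each version is signed by that key. The type and function names (HashLink, KeyLink, Publish) are my own, and the sample content is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HashLink binds a reference to exactly one byte string: any change to
// the referenced content, however small, breaks the link.
type HashLink struct{ Digest [32]byte }

func NewHashLink(content []byte) HashLink {
	return HashLink{Digest: sha256.Sum256(content)}
}

// Verify recomputes the digest of the content actually fetched and
// compares it with the digest carried in the link.
func (l HashLink) Verify(content []byte) bool {
	return sha256.Sum256(content) == l.Digest
}

// KeyLink binds a reference to a public key instead of to content: the
// referenced object may be updated, but only by the holder of the key.
type KeyLink struct{ PubKey ed25519.PublicKey }

// SignedContent is one version of the referenced object plus its signature.
type SignedContent struct {
	Data []byte
	Sig  []byte
}

// Publish produces a new version signed by the link owner's private key.
func Publish(priv ed25519.PrivateKey, data []byte) SignedContent {
	return SignedContent{Data: data, Sig: ed25519.Sign(priv, data)}
}

// Verify accepts any version carrying a valid signature from the bound key.
func (l KeyLink) Verify(sc SignedContent) bool {
	return ed25519.Verify(l.PubKey, sc.Data, sc.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v1, v2 := []byte("constructed: photo v1"), []byte("constructed: photo v2")
	hl, kl := NewHashLink(v1), KeyLink{PubKey: pub}
	fmt.Println(hl.Verify(v1), hl.Verify(v2))                             // true false
	fmt.Println(kl.Verify(Publish(priv, v1)), kl.Verify(Publish(priv, v2))) // true true
}
```

The trade-off the thread is circling is visible in the verifier code: the hash link can be checked with nothing but the content, while the key link makes verification depend on how much you trust the key holder, which is the "identity condition" Phill separates from the "mechanism condition".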