
Re: USENIX PGP key signing service



On Thu, 30 May 1996, Carl Ellison wrote:

> What you wanted, however, was to define the owner by way of his e-mail address.
> 
> I gave you:
> 
>         (key(=owner)) -> (e-mail)
> but you wanted
> 
>         (e-mail) -> (key(=owner))

Just to clarify a bit, I don't want (e-mail) -> (key) certificates.  In
fact I don't think they have much use at all.  I just used it as an
example to point out that the meaning of a certificate should be simple,
clear, and of a form that allows easy automatic management.  The example
you gave in the URL was an English paragraph meant to be read by a person. 
I think in general that would not be as useful as a short sentence in some
canonical form, such as "If you believe a, then you should believe b."

> each of these -> relationships requires a certificate of some form.  The
> certificate should be issued by the owner of the left side.  In
> 
>         (key) -> (e-mail)
> 
> the cert is signed by the key.  It is the final authority on what e-mail
> address(es) it can use to receive encrypted mail.
> 
> In
> 
>         (e-mail) -> (key)
> 
> the cert needs to be signed by the authority for the e-mail space -- e.g., a
> company- or ISP- sysadmin.  Note that in this case, USENIX is *not* an
> authority.  It can not testify to this mapping.  It *can* testify to the
> mappings:
> 
>         (member ID) -> (e-mail)
> and
>         (member ID) -> (key)

Hmm.  If you have (member ID) -> (key) and the key owner himself can issue
(key) -> (e-mail), why do you need (member ID) -> (e-mail)?

Wei Dai
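
Added example, not part of the original message or of any thread participant's code: certificates reduced to the canonical form "if you believe a, then believe b", checked against the rule from the quoted text that a cert must be issued by the owner of its left side, then chained automatically. The node encoding, the `authority_for` mapping, and all sample values are assumptions constructed for illustration; signature verification is assumed to have been done before a `Cert` is built.

```python
from collections import namedtuple

# Canonical form: "if you believe `left`, then believe `right`", issued by `issuer`.
# Nodes are (kind, value) pairs. Signatures are assumed already verified.
Cert = namedtuple("Cert", "left right issuer")

def authority_for(node):
    """Return who may issue a cert with `node` on its left side (assumed mapping)."""
    kind, value = node
    if kind == "key":
        return value                                   # a key speaks for itself
    if kind == "member":
        return "USENIX"                                # USENIX owns its member-ID space
    if kind == "email":
        return "sysadmin@" + value.split("@", 1)[1]    # authority for the mail domain
    raise ValueError("unknown node kind: %r" % kind)

def valid(cert):
    """A cert counts only if its issuer is the authority for its left side."""
    return cert.issuer == authority_for(cert.left)

def derive(certs, start):
    """Everything that follows from believing `start`, using valid certs only."""
    believed, frontier = {start}, [start]
    while frontier:
        node = frontier.pop()
        for c in certs:
            if c.left == node and valid(c) and c.right not in believed:
                believed.add(c.right)
                frontier.append(c.right)
    return believed - {start}

# Constructed sample data (no real member, key, or address).
MEMBER = ("member", "12345")
KEY = ("key", "0xCONSTRUCTED")
EMAIL = ("email", "alice@example.org")
CERTS = [
    Cert(MEMBER, KEY, "USENIX"),        # (member ID) -> (key), issued by USENIX
    Cert(KEY, EMAIL, "0xCONSTRUCTED"),  # (key) -> (e-mail), issued by the key itself
    Cert(EMAIL, KEY, "USENIX"),         # (e-mail) -> (key), USENIX is not the authority
]

if __name__ == "__main__":
    print(sorted(derive(CERTS, MEMBER)))   # the key and, by chaining, the e-mail address
    print(sorted(derive(CERTS, EMAIL)))    # empty: the only cert from e-mail is rejected
```
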

