Re: USENIX PGP key signing service
On Thu, 30 May 1996, Carl Ellison wrote:
> What you wanted, however, was to define the owner by way of his e-mail address.
>
> I gave you:
>
> (key(=owner)) -> (e-mail)
> but you wanted
>
> (e-mail) -> (key(=owner))
Just to clarify a bit, I don't want (e-mail) -> (key) certificates. In
fact I don't think they have much use at all. I just used it as an
example to point out that the meaning of a certificate should be simple,
clear, and of a form that allows easy automatic management. The example
you gave in the URL was an English paragraph meant to be read by a person.
I think in general that would not be as useful as a short sentence in some
canonical form, such as "If you believe a, then you should believe b."
> each of these -> relationships requires a certificate of some form. The
> certificate should be issued by the owner of the left side. In
>
> (key) -> (e-mail)
>
> the cert is signed by the key. It is the final authority on what e-mail
> address(es) it can use to receive encrypted mail.
>
> In
>
> (e-mail) -> (key)
>
> the cert needs to be signed by the authority for the e-mail space -- e.g., a
> company- or ISP- sysadmin. Note that in this case, USENIX is *not* an
> authority. It can not testify to this mapping. It *can* testify to the
> mappings:
>
> (member ID) -> (e-mail)
> and
> (member ID) -> (key)
Hmm. If you have (member ID) -> (key) and the key owner himself can issue
(key) -> (e-mail), why do you need (member ID) -> (e-mail)?
Wei Dai
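
The chaining question raised in this message can be worked through with a small model. This is an added example, not part of the original message or of any PGP or USENIX tooling: the `Cert` type, the `authority_for` policy, and all sample names (member ID, key ID, e-mail address, the `sysadmin@` issuer convention) are constructed assumptions, and signatures are assumed to have been verified already.

```python
from typing import NamedTuple

class Cert(NamedTuple):
    issuer: str   # who signed the statement (signature assumed already verified)
    left: tuple   # (kind, value), e.g. ("key", "K-ALICE")
    right: tuple  # what the left side is mapped to

def authority_for(name):
    """Hypothetical policy: the owner of the left side issues the cert."""
    kind, value = name
    if kind == "key":
        return value                     # a key is the final authority on itself
    if kind == "member":
        return "USENIX"                  # USENIX owns the member-ID space
    if kind == "email":
        return "sysadmin@" + value.split("@", 1)[1]  # owner of the e-mail space
    raise ValueError("unknown name kind: " + kind)

def accepted(certs):
    """Keep only certs issued by the authority for their left side."""
    return [c for c in certs if c.issuer == authority_for(c.left)]

def derive(certs):
    """Transitive closure over accepted certs: a->b and b->c gives a->c."""
    edges = {(c.left, c.right) for c in accepted(certs)}
    changed = True
    while changed:
        changed = False
        for a, b in list(edges):
            for b2, c in list(edges):
                if b == b2 and a != c and (a, c) not in edges:
                    edges.add((a, c))
                    changed = True
    return edges

# Constructed sample names and certificates.
MEMBER = ("member", "12345")
KEY = ("key", "K-ALICE")
EMAIL = ("email", "alice@example.org")
CERTS = [
    Cert("USENIX", MEMBER, KEY),   # (member ID) -> (key), issued by USENIX
    Cert("K-ALICE", KEY, EMAIL),   # (key) -> (e-mail), issued by the key itself
    Cert("USENIX", EMAIL, KEY),    # (e-mail) -> (key): USENIX is not the authority
]

if __name__ == "__main__":
    for left, right in sorted(derive(CERTS)):
        print(left, "->", right)
```

In this model (member ID) -> (e-mail) falls out of the two accepted certificates by chaining, while the USENIX-issued (e-mail) -> (key) statement is dropped because its issuer does not own the left side.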