[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: USENIX PGP key signing service

On Thu, 30 May 1996, Carl Ellison wrote:

> What you wanted, however, was to define the owner by way of his e-mail address.
> I gave you:
>         (key(=owner)) -> (e-mail)
> but you wanted
>         (e-mail) -> (key(=owner))

Just to clarify a bit, I don't want (e-mail) -> (key) certificates.  In
fact I don't think they have much use at all.  I just used it as an
example to point out that the meaning of a certificate should simple,
clear, and of a form that allows easy automatic management.  The example
you gave in the URL was an English paragraph meant to be read by a person. 
I think in general that would not be as useful as a short sentence in some
cannonical form, such as "If you believe a, then you should believe b." 

> each of these -> relationships requires a certificate of some form.  The
> certificate should be issued by the owner of the left side.  In
>         (key) -> (e-mail)
> the cert is signed by the key.  It is the final authority on what e-mail
> address(es) it can use to receive encrypted mail.
> In
>         (e-mail) -> (key)
> the cert needs to be signed by the authority for the e-mail space -- e.g., a
> company- or ISP- sysadmin.  Note that in this case, USENIX is *not* an
> authority.  It can not testify to this mapping.  It *can* testify to the
> mappings:
>         (member ID) -> (e-mail)
> and
>         (member ID) -> (key)

Hmm.  If you have (member ID) -> (key) and the key owner himself can issue
(key) -> (e-mail), why do you need (member ID) -> (e-mail)?

Wei Dai