Re: comments on client auth



> Date: Thu, 13 Jun 1996 16:53:13 -0700
> To: spki@c2.org
> From: starman@llnl.gov (Jeff Parrett)
> 
> Further, as a user I don't want to have to deal with a bunch of CA's and
> decide if I "trust" with each of them. In our architecture we have
> introduced the concept of "inherited trust". This allows the CA which I
> trust to establish a trusted relationship with another CA. If I ask my CA
> for a key which it does not have but can obtain thru a trusted relationship
> then I get the key along with a "chain of trust" which shows the derivation
> of the key. The user can then determine the acceptability of the key.
> 
> We feel this model keeps it simple for the user while allowing a flexible
> and extendable CA infrastructure.


In other words, you agree exactly with the X.509 way of doing things - 
rooted hierarchies with cross-certification and name-subordination rules.
Bravo!    :-)  :-)  :-)


Seriously, I don't think there's any disagreement that it's
sometimes necessary to delegate trust.  Obviously the strongest
trust comes when each user is his own root, but that just isn't
practical under most circumstances (unless you take the trivial
extension of each user issuing only a certificate for its trusted
CA(s).  There's no point in doing that, since it's easier for the
user to just store its CAs' keys locally to verify the CAs'
self-signed certs.  Exactly the way Netscape works.)
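The "chain of trust" in the quoted message and the reply's point that a client can simply hold its CAs' keys locally can be shown with a small chain walker. The following is an added example, not code from either poster or from any SPKI or X.509 implementation. It uses textbook RSA with constructed parameters (no padding, small moduli, hand-picked primes) purely so the chain logic is runnable offline; the names CA-A, CA-B and alice and the certificate field layout are assumptions for the demonstration. The user's client stores CA-A's key as a local trust anchor, CA-A has cross-certified CA-B, and CA-B issued alice's key; the walker returns the derivation from anchor to leaf or rejects the chain.

```python
import hashlib
from dataclasses import dataclass, replace

# --- Toy RSA, constructed for illustration only: no padding, hand-picked primes,
# --- hash reduced into the modulus. Never use this for real keys.
def toy_keypair(p, q, e):
    """Return ((n, e), (n, d)) from two primes; parameters are constructed."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data: bytes, n: int) -> int:
    # SHA-256 of the data, reduced into the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: tuple      # (n, e) belonging to the subject
    signature: int     # issuer's signature over tbs()

    def tbs(self) -> bytes:
        # "To be signed" bytes: binds subject name, issuer name and key together.
        return f"{self.subject}|{self.issuer}|{self.pubkey[0]}|{self.pubkey[1]}".encode()

def issue(subject: str, subject_pub, issuer: str, issuer_priv) -> Cert:
    unsigned = Cert(subject, issuer, subject_pub, 0)
    return replace(unsigned, signature=sign(issuer_priv, unsigned.tbs()))

def validate_chain(chain, trust_anchors, max_len=5):
    """Walk the chain leaf-first until a certificate is signed by a locally held anchor key.

    chain[0] is the certificate for the requested key; each later certificate must be
    the one for the previous certificate's issuer. Returns the derivation (anchor down
    to leaf) or raises ValueError. No self-signed root certificate is involved: the
    anchor keys held by the client are the trusted material.
    """
    if not chain or len(chain) > max_len:
        raise ValueError("empty or over-long chain")
    derivation = []
    for i, cert in enumerate(chain):
        if cert.issuer in trust_anchors:
            issuer_key, terminal = trust_anchors[cert.issuer], True
        elif i + 1 < len(chain) and chain[i + 1].subject == cert.issuer:
            # The issuer key comes from the next certificate; it is only trusted
            # if that certificate itself verifies on a later iteration.
            issuer_key, terminal = chain[i + 1].pubkey, False
        else:
            raise ValueError(f"no issuer key for {cert.subject!r} (issuer {cert.issuer!r})")
        if not verify(issuer_key, cert.tbs(), cert.signature):
            raise ValueError(f"bad signature on certificate for {cert.subject!r}")
        derivation.append(f"{cert.issuer} -> {cert.subject}")
        if terminal:
            return list(reversed(derivation))
    raise ValueError("chain did not end at a trusted anchor")

def build_example():
    """Constructed scenario: client holds CA-A's key; CA-A cross-certified CA-B; CA-B issued alice."""
    ca_a_pub, ca_a_priv = toy_keypair(999983, 999979, 65537)
    ca_b_pub, ca_b_priv = toy_keypair(1000003, 1000033, 65537)
    alice_pub, _ = toy_keypair(1000037, 1000039, 65537)
    anchors = {"CA-A": ca_a_pub}                               # stored locally by the client
    ca_b_cert = issue("CA-B", ca_b_pub, "CA-A", ca_a_priv)     # the cross-certificate
    alice_cert = issue("alice", alice_pub, "CA-B", ca_b_priv)  # the key the user asked for
    return [alice_cert, ca_b_cert], anchors

def demo():
    """Return the accepted derivation and whether a key-substituted chain was rejected."""
    chain, anchors = build_example()
    derivation = validate_chain(chain, anchors)
    # Swapping the leaf's key while keeping CA-B's signature must break the derivation.
    bogus_pub, _ = toy_keypair(61, 53, 17)
    forged = [replace(chain[0], pubkey=bogus_pub)] + chain[1:]
    try:
        validate_chain(forged, anchors)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return derivation, forged_rejected

if __name__ == "__main__":
    print(demo())
```

Two design points carry over from the discussion: the client never needs a self-signed root certificate, because the anchor key it holds locally is what terminates the walk, and the key returned for the leaf is trusted only once every link back to that anchor has verified.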