[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on client auth
-----BEGIN PGP SIGNED MESSAGE-----
content-type: text/plain; charset=us-ascii
It may also be that they felt that the mere possibility of
securing machines against tampering with root keys solved the
problem of being sure that it was so. As an implementor I have
wrestled long with this problem.
I'm convinced that the only robust solution to the public-key
management problem involves smartcard-type technology.
Given limited storage trusted storage space on the smartcard, this
argues for a "you are your own root" model, with certificates for any
third-party "roots" stored externally to the card.
> I think that we should be clear to distinguish between two
> different interpretations of chained namespaces. IN SDSI I can
> create a name using a path - "RSA.com's Verisign.com" I think
> that this is impractical since it fragments the namespace
> preventing any equality tests is RSA.com's verisign.com the same
> as openmarket's ?
I don't think I follow here - isn't the idea to resolve the names
by following the references to their sources, thus making
comparison possible?
I'm not sure I follow this either, but at some level, if you really
want to see if two naming paths lead to the same principal, you just
need to find the public keys at the end of the paths and compare
*them* for equality.
It's not at all clear to me *why* you would want to do this...
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMcGMQ1pj/0M1dMJ/AQGItgP7B9t2+LFH88NBQHA6wW3/pI8+t3mVqaUk
ecIKa4o9zjg8IBJhuukR61c7IhO1Iv0Rn/ZKBdyftf5FEYF4ih2iBzr2CuMtGR5M
E6oAYgVvMf2CESBvbEPtQTuIKQPejEf5tT8VHLDZ8bcpPSGKVwrnUgNsuaUY7ZsA
7ktigowkryA=
=l3iA
-----END PGP SIGNATURE-----
References: