
Re: comments on client auth



Date: Fri, 14 Jun 1996 13:06:06 -0400
To: dpkemp@missi.ncsc.mil (David P. Kemp)
From: Carl Ellison <cme@cybercash.com>
Subject: Re: comments on client auth
Cc: spki@c2.org, mark_feldman@tis.com

At 08:33 AM 6/14/96 -0400, David P. Kemp wrote:
>Seriously, I don't think there's any disagreement that it's
>sometimes necessary to delegate trust.  Obviously the strongest
>trust comes when each user is his own root, but that just isn't
>practical under most circumstances (unless you take the trivial
>extension of each user issuing only a certificate for its trusted
>CA(s).  There's no point in doing that, since it's easier for the
>user to just store its CAs' keys locally to verify the CAs'
>self-signed certs.  Exactly the way Netscape works.)

I don't think this is a trivial extension.

TIS/MOSS, for example, had the individual user sign his CA keys -- so that
the user's database of CA keys could be kept in non-trusted storage.  When I
did the MOSS-Fortezza experiment, for example, I signed NSA's root key/cert
with my own signature key, to let MOSS know I trusted it.  This also allowed
for a merging of rooted-hierarchy and PGP-like certification in a single
program, seamlessly.  I think they did a wonderful job with that design choice!

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+
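
The design described in the message above, where the user signs each CA key so that the CA-key database can sit in untrusted storage, as an added Go sketch; it is not code from the original post or from TIS/MOSS. Ed25519, the `Entry` layout and every name in it are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Entry is one record of the CA-key database kept in untrusted storage.
type Entry struct {
	Name  string // CA label (constructed for this example)
	CAKey []byte // the CA's public key
	Sig   []byte // the user's signature over label and key
}

// msg binds the label to the key so neither can be swapped on its own.
func msg(name string, caKey []byte) []byte {
	return append([]byte(fmt.Sprintf("trusted-ca|%d|%s|", len(name), name)), caKey...)
}

// Endorse is the user declaring trust in a CA key by signing it.
func Endorse(user ed25519.PrivateKey, name string, caKey []byte) Entry {
	return Entry{name, caKey, ed25519.Sign(user, msg(name, caKey))}
}

// LoadTrusted keeps only entries that verify under the user's own public
// key, the one value that still needs integrity-protected storage.
func LoadTrusted(userPub ed25519.PublicKey, db []Entry) map[string][]byte {
	trusted := map[string][]byte{}
	for _, e := range db {
		if ed25519.Verify(userPub, msg(e.Name, e.CAKey), e.Sig) {
			trusted[e.Name] = e.CAKey
		}
	}
	return trusted
}

func main() {
	userPub, userPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	caPub, _, _ := ed25519.GenerateKey(nil)          // stands in for a CA root key
	otherPub, _, _ := ed25519.GenerateKey(nil)       // key the user never endorsed
	db := []Entry{Endorse(userPriv, "root-ca", caPub)}
	// Constructed tampering of the untrusted file: a new key under a copied signature.
	db = append(db, Entry{"extra-ca", otherPub, db[0].Sig})
	for name := range LoadTrusted(userPub, db) {
		fmt.Println("trusted:", name)
	}
}
```

Only the user's own public key has to be protected; any entry altered or added in the database without the user's private key fails verification and is dropped at load time.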