[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SDSI name interpretation



At 05:04 PM 6/14/96 -0400, hallam@Etna.ai.mit.edu wrote:
>
>>I have to come down on the side of SDSI's original scheme.  What you're
>>asking for is covered by SDSI as (rsa.com's DNS's verisign.com) which is
>>probably the same as (openmarket's DNS's verisign.com).
>
>No, this is not the same at all. You are assuming that the party rsa considers 
>to be DNS is the same party as the one I consider to be DNS. 

Phill,

        I think it's the other way around.  I believe *you* are assuming that each of us sees the same DNS.  The SDSI way of writing that at least inspires the question: "Does (rsa.com's DNS) = (openmarket.com's DNS)?"  Furthermore, the question can be answered.  By comparing the public key of (rsa.com's DNS) to the public key of (openmarket.com's DNS), I can learn definitively that they're the same, assuming the public keys are.  If they're not, I can ask RSA and Openmarket for clarification -- possibly warning them that one of them may have been spoofed in a very serious way.

>The distinction is between the party that X calls Y and the party that X 
>believes to be generally known as Y.

I just don't buy the "X believes to be generally known as Y" construct carries the same solidity as "X calls Y".  The "generally known as" construct assumes there is a global, shared name space.  Outside of Bill Clinton and a handful of others, I don't know who else would be in that name space.

>The problem with the private namespaces approach is that the namespace is 
>unbounded even for a finite number of participants. 
>
>
>I think that the use of relative names needs to be confined to the one area 
>where they are relevant - the establishment of the Web of trust itself. 
>Unless there is a clear principle that the parties are all seeking to establish 
>a common binding to a particular name I don't see that there is much value in 
>the process.

I think we are forced by human nature to use relative names for everything.  To me, this is like Einstein's Relativity.  There *is* no global name space.

 - Carl
From ???@??? Sat Jun 15 11:33:22 1996
Return-Path: <owner-spki@c2.org>
Received: from callandor.cybercash.com (callandor1.cybercash.com) by cybercash.com (4.1/SMI-4.1)
	id AA02167; Fri, 14 Jun 96 19:05:10 EDT
Received: by callandor.cybercash.com; id TAA23585; Fri, 14 Jun 1996 19:01:59 -0400
Received: from infinity.c2.org(140.174.185.11) by callandor.cybercash.com via smap (V3.1)
	id xma023583; Fri, 14 Jun 96 19:01:49 -0400
Received: (from daemon@localhost) by infinity.c2.org (8.7.4/8.6.9)
	id PAA13166 for spki-outgoing; Fri, 14 Jun 1996 15:55:30 -0700 (PDT)
	Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
Message-Id: <2.2.32.19960614225647.008b7b34@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 14 Jun 1996 18:56:47 -0400
To: hallam@Etna.ai.mit.edu
From: Carl Ellison <cme@cybercash.com>
Subject: Re: SDSI name interpretation  
Cc: spki@c2.org, hallam@Etna.ai.mit.edu
Sender: owner-spki@c2.org
Precedence: bulk

At 05:04 PM 6/14/96 -0400, hallam@Etna.ai.mit.edu wrote:
>
>>I have to come down on the side of SDSI's original scheme.  What you're
>>asking for is covered by SDSI as (rsa.com's DNS's verisign.com) which is
>>probably the same as (openmarket's DNS's verisign.com).
>
>No, this is not the same at all. You are assuming that the party rsa considers 
>to be DNS is the same party as the one I consider to be DNS. 

Phill,

        I think it's the other way around.  I believe *you* are assuming
that each of us sees the same DNS.  The SDSI way of writing that at least
inspires the question: "Does (rsa.com's DNS) = (openmarket.com's DNS)?"
Furthermore, the question can be answered.  By comparing the public key of
(rsa.com's DNS) to the public key of (openmarket.com's DNS), I can learn
definitively that they're the same, assuming the public keys are.  If
they're not, I can ask RSA and Openmarket for clarification -- possibly
warning them that one of them may have been spoofed in a very serious way.

>The distinction is between the party that X calls Y and the party that X 
>believes to be generally known as Y.

I just don't buy the "X believes to be generally known as Y" construct
carries the same solidity as "X calls Y".  The "generally known as"
construct assumes there is a global, shared name space.  Outside of Bill
Clinton and a handful of others, I don't know who else would be in that name
space.

>The problem with the private namespaces approach is that the namespace is 
>unbounded even for a finite number of participants. 
>
>
>I think that the use of relative names needs to be confined to the one area 
>where they are relevant - the establishment of the Web of trust itself. 
>Unless there is a clear principle that the parties are all seeking to
establish 
>a common binding to a particular name I don't see that there is much value in 
>the process.

I think we are forced by human nature to use relative names for everything.
To me, this is like Einstein's Relativity.  There *is* no global name space.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+