[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on client auth

To: "Brian M. Thomas" <bt0008@entropy.sbc.com>, peter@VeriSign.com
Subject: Re: comments on client auth
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 19 Jun 1996 22:47:45 -0700
Cc: spki@c2.org
Sender: owner-spki@c2.org

At  6:10 PM 6/19/96 -0500, Brian M. Thomas wrote:
>Peter Williams <peter@verisign.com> said:
>> The requriements for SPKI naming are surely these:
>
>Hold it right there.  I won't speak for the group, but I might take
>issue with the idea of SPKI having any "naming" requirements at all.

I have to agree with Brian.  My princple interest in SPKI is making sure I
can use SPKI certificates to implement capabilities.  If the key used to
sign the certificate is specific to the resource, then you don't need any
names at all.  The ID of the key is sufficent to define the resource.

As a practical matter, you will probably need a DNS name to locate the
machine which "owns" the resource.  However, that name is only a hint, not
a required part of the certificate.  I can imagine some uses where the
process which wishes to use the capability broadcasts its intent and the
machine(s) with the resource responds to the broadcast.

>> There seem to be assumptions that are satisfied magically:
>> 
>> (1) no principal shall ever share a keyset
>
>Magic it is, in this scheme and all others... it depends solely on the
>security precautions of the keyholders.

We must be careful to build systems where princpals will not want to share
keys.  I think this goal will be hard to meet, considering how often people
share passwords in the real world.  One implication of this goal is that it
must be easy to pass selected parts of one's privileges to other actors. 
(It is already easy to pass your secret key, and passing it shares all your
privileges.)

>> (3) verification of the uniqueness of keying material shall be guaranteed
>> during each naming attestation by each and every principal in the domain
>
>Perhaps you could explain why this should be so.

I think we are assuming that, as with PGP keys and Digicash serial numbers,
the random process by which keys are generated makes the probability of
duplicates to low to consider.

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA

Prev by Date: Re: comments on client auth
Next by Date: Re: comments on client auth
Next by thread: Re: SDSI name interpretation
Index(es):
- Main
- Thread