[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blind signatures; archives?

At 08:34 PM 6/24/96 -0700, Bill Frantz wrote:

>Would it be possible to have a valid SPKI cert which consists of just a
><key> and a <signature>?  In other words, the <auth> field would be empty. 
>I can see all kinds of problems with how you represent an empty <auth>
>field so blinding would still work, and I agree with you about the time

The way I've been thinking about it, no.  A signed key without any meaning
of any form is really meaningless.

As I said, you *could* attach a single meaning to a single key and get a
signed key to mean something.  The key would also need to carry all the
validity information (e.g., expiration date, ...).  So, that one key ends up
being for one certificate only.

There's an interesting possibility there, however.


Consider the following SPKI cert:

SIGNATURE: <sig from K2>

which could be defined to mean (through the REFLECTED-AUTH) that anything
signed by K1 is taken to mean what this cert means -- and to be valid as far
as this cert is valid.

So -- yes.  We could handle the blinded signatures and still get the whole
structure of certificate meshes to validate, full validity choices, ....
The only drawback is that the blinded signed thing doesn't tell you where to
find its parent certificate.  There's also a way to track identity, if the
issuer generates a new K1 for each different person -- but I'm sure we could
work on administrative procedures to prevent that.

I'll add this <auth> line and example to the Internet Draft draft.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |