[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: spec for wire format of SPKI cert

To: Peter Williams <peter@verisign.com>
Subject: RE: spec for wire format of SPKI cert
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 27 Aug 1996 23:56:56 -0700
Cc: spki@c2.org
Sender: owner-spki@c2.net

At  9:02 PM 8/27/96 -0700, Peter Williams wrote:
>I do agree that the notion of controlling delegation is the most simplistic
>security policy model Ive thought about myself, and one which is increasingly
>necessary for the object protocols now emerging into practice on the web.

To repeat myself: As long as a legitimate user can set up a proxy service
to use a cert you gave him you can not prevent him from effectively
delegating the authority given by that cert.  In other words, the limits on
delegation in a cert are of the form "please don't delegate or we will
punish you" rather than "you can't delegate because the mathematics and
logic of the system prevent you from doing so".

Because of this fact, "don't delegate" should not be depended on where real
security is needed.

>Assuming the Internet becomes a distributed object system, one can
>perhaps begin to conceive of certs not as an ancillary mgt security 
>infrastructure, but as the point of expression and control of interface 
>brokerage between cooperating objects. Just as an X.509 cert is really a 
>mini-Directory entry, so the delegation-cert is a authorised-configuration 
>utility for both comms paths and interworking assumptions.

SPKI certs act a capabilities in a traditional capability system.  As such
they combine authentication and authorization in one package.

>A reliable liability model depends upon
>constrained data handling with well-defined meaning; and SPKI certs
>sometimes seem to be self-defining semantically; and this property makes
>life difficult if the certs are ever to control commercial risks,
>control hazardous, or military weapon systems.

Much of SPKI certs (the <auth> fields) are defined by the application. 
Applications are perfectly capable of assigning well-defined meanings to
the <auth>s they define.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA

Prev by Date: RE: spec for wire format of SPKI cert
Next by Date: RE: spec for wire format of SPKI cert
Prev by thread: RE: spec for wire format of SPKI cert
Next by thread: RE: spec for wire format of SPKI cert
Index(es):
- Main
- Thread