[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI Charter


X.509 certificates are a distraction.  They were originally designed
for one thing: to allow users to authenticate themselves to their
Directory so that they could update their Directory Entry.  Attempts
to use X.509 for other applications is bound to result in a poor fit;
PEM's deployment difficulties highlighted this.

Rather than forcing every application to look a little bit like a
Directory, we should design a certificate format which is right for
what applications on the Internet need.  This is especially important
because the application for which X.509 was originally intended has
not been deployed on an internet-wide scale.

We need to sit down and agree on:
        - what a "principal"
        - what a certificate is (at a philosophical level)
        - what (in general) applications, users, and administrators
                need from the public key infrastructure on the Internet
.. and then we can start arguing about encoding and
application-specific issues.

        A principal is an entity which has exclusive legitimate
        control over one or more private keys, and is known to others
        by its public key and secondarily by one or more attributes.
        Users are principals, hosts are (may be) principals,
        "certification authorities" are principals, servers/daemons
        are (may be) principals.

        A certificate is a document, signed by one principal, which
        binds a set of one or more attributes to a public key.  It has
        a bounded lifetime; particular certificates can be long-lived
        or ephemeral.

        An application is a system which uses the public key
        infrastructure to help it protect the integrity of its data.
        possible applications include: mail user agents, web browsers
        and web servers, ip stacks, distributed file systems, etc.,

        An attribute is a typed value which has some meaning to one or
        more applications; it can be a user name, a DNS name, a mail
        address, an IP address, or some other application- or
        application-family specific value (e.g., a UNIX-oriented
        distributed file system might want a user id and group set).

        Certificate validation is the process of finding and verifying
        a sequence or mesh of certificates and principals which form a
        credible chain of trust between an implicitly trusted
        principal and a certificate of uncertain provenance in order
        to allow an application to trust one or more of the attributes
        in the certificate.


                                        - Bill

Version: 2.6.1