[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I have taken the liberity of renaming this thread.
At 5:42 PM 3/1/96 +0000, Frank O'Dwyer (speaking to Carl Ellison) wrote:
>I agree (if I've understood), and I really like the key-centric nature
>of what you have proposed. However I'm a little confused about how
>you bootstrap into this key-centric scheme, since most applications will start
>out with some kind of identifier in hand, not a key. Applications are
>right now doing application things, after all, not key things, and users
>don't type keys. (By identifier I mean IP address, RFC822 address, FQDN,
>URL, or whatever--a CS identity if you like.) Suppose, for example,
>all my application has is its own key pair and out of the blue is given
>something's IP address. It wants to connect to some resource that
>'really is' at that IP address (leave ports out of it for the moment), for
>some value of 'really is' (this might only work for local IP addresses).
>How does my app get to the key or keys that it needs for this? That is
>really a basic PKI question--how do you map something or other (usually
>some text string?) to a key, securely?
>In your model, I assume that my app pulls out its own key (or one of the
>keys it's been physically configured with), and searches the net (how?)
>for attributes bound to it (signed by it). I assume that certain special
>types of attributes would allow the search to recurse using attributes
>signed by other keys (i.e. usual certificate chaining). Other attributes
>might perhaps require the search to come up 3 or 4 'lesser' keys vouching
>for some information (cf. PGP's 'marginal' signatures). But do you
>envisage some general algorithm for this search, or is it entirely
>a per-application thing? In other words, how much of this sort of PKI
>(the actual code, as well as the actual certificates) do you envisage
>being reusable across different applications?
[Warning. KeyKOS uses the term "key" to mean capability in its computer
science sense. I may confuse Public/Private key pair and capability so
watch me carefully.]
I got my first PGP public keys on a floppy disk. I assume that an entity
in CS would get its initial keys the same way. The initial keys would have
to be completely trusted (a CS entity has no other choice), but could then
be used to retrieve other keys.
This model leads to the idea of a namespace where there is a separate root
for each CS entity. Nodes of a namespace could be shared between entities
if they shared keys to them. (I find this model much more natural than the
"universal root" model of Unix because it's the one we used in KeyKOS.)
Eventually, if the CS entity needed it, there could be a node which could
do X.500 type name lookups and return keys for those entities.
Regards - Bill
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
email@example.com | dead teenagers | Los Gatos, CA 95032, USA