
Re: Out on a loop



On Wed, 17 Dec 1997, David P. Kemp wrote:

-> > From: Carl Ellison <cme@cybercash.com>
-> > 
-> > Ed,
-> > 
-> > SPKI made its radical departure from X.509 by saying that we have *two* 
-> > issues here -- key security and authorization -- and the authorization was 
-> [snip] 

-> [snip] 
-> If you would just call it the "Public Key Authorization Protocol", and
-> stop referring to it as "a radical departure from X.509" or otherwise
-> comparing it to PKI mechanisms, a lot of confusion would be avoided.
-> [snip]

Thanks, Dave! 

I was almost feeling like a Martian here ;-)

Indeed, as I have commented in this list, the SPKI proposal should refrain
from making misleading statements on global names and should also delete
the words "Public-Key Infrastructure" from its name because it only deals
with local names -- which, of course, will never allow a PKI to be built. 

I also agree with you when you say that "SPKI" can be used to deal with
authorizations -- however, only after the semantics of such authorizations
is defined in a lower certification layer, as well as their scope. 

So, "SPKI" by itself carries no context (semantics + scope) of the
authorization, which means several things are missing, such as: no one
knows for sure what was the policy under which such authorization was
issued, its validity period as compared to the validity period of the
signing key and the underlying policy, its revocation mechanisms with
respective warranties, its legal implications, if the agent has fully
accepted the delegation to authorize and under what liability policy, who
warrants what, who may not be authorized and on what grounds, what are the
liabilities of the authorized person, what trust model is used, etc.

However, X.509 already divorced key-management from trust-management. Now,
if we divorce key-management from authorization management are we not
going further against the possibility of finding a common register for the
very events we want to control?

Further, SPKI only deals with names which are "bags of bytes" so any
mention of that "name" as meaning that a real flesh-and-blood person is
actually involved (or, may be held responsible) is also misleading (as in
"Bob authorizes Alice", etc...). So, in "SPKI", Bob is not "Bob" but
D546A...., which means that under "SPKI" there is no binding between
cyberspace entities and real-world legal or accountable entities. 

This implies a further divorce in authorization management, which is now
split into syntactic authorization management (as given by "SPKI") and
semantic authorization management (as given elsewhere). Two further
problems raise their medusal heads to us, as we go in this direction. And,
of course, solving only one does not solve the authorization management
problem.

Cheers,

Ed
______________________________________________________________________
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
http://novaware.cps.softex.br



