
Re: The notion of an ``individual'' (e.g. person, corporation, process, or machine) is not required


Hi Peter.

At 01:37 PM 4/16/97 -0700, Peter Williams wrote:
>"Principals are public keys. Our system is ``key-centric'': SDSI principals
>are public digital signature verification keys. These public keys are
>central; everything is based around them. The notion of an ``individual''
>(e.g. person, corporation, process, or machine) is not required. Of course,
>such individuals will actually control the associated private keys, so that
>the public/private keys can be viewed as ``proxies'' for those individuals.
> " 
>As should be evident from my mail sequence, I'm trying to prepare
>a SPKI/SDSI pilot to help propel adoption of the ideas, and (of course)
>one element is to fix up the legal stuff so at least people know where
>they stand in relation to an issuer, and the act of issuance.
>Whilst academically, individuals as a system notion may not exist,
>legally they will always exist. Sorry if this offends you; it's just
>true. As those who control private keys, they will be responsible, and
>the SDSI notion which is in concordance with SPKI does assert that
>essentially there is a proxy relationship between the [(re)liable]
>party and key, and a "speaking act" occurs.

I don't see a problem with this discussion.

I believe both original SPKI and SDSI were clear on the notion that in the 
3D world there is a keyholder tied through private key security measures to 
a key in cyberspace.  Therefore, for every key which speaks in cyberspace
there is a keyholder in 3-D space.

     KH(a) --------------- KH(b)    3-D world
       |                     |
       |                     |
       |                     |
    (2)|                     |(3)
       |                     |
       |                     |
       |                     |
       a ------------------- b      Cyberspace

My take on the X.509 world is that the diagram above was assumed to have 
links (1), (2) and (3) only.  That is, all privs (1) were communicated in 
the 3-D world and needed somehow to be mapped into cyberspace via (2) and (3).
Links (2) and (3) pointed down.

SPKI and SDSI consider a world in which relationships are formed in 
cyberspace with no 3-D world contact.  It was always possible to communicate 
3-D relationships via the path (3)->(4)->(2) -- but if the only contact you 
have is in cyberspace, you're forced to issue (4).  In the pure cyberspace
model, links (2) and (3) point up (through certificates whose subject is
(keyholder K) ).

Similarly, I can imagine a legal document defining the meaning of a
cyberspace delegation of rights (4) which refers to the keyholder of
a given key as being the person to whom rights are being transferred.

Does this address your concerns?

 - Carl



|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |