
Re: Summary Trust x Delegation

I have a great deal of trouble with the discussion of "trust" being applied
to the SPKI effort.  Given that the trust models I have seen are
self-admittedly incomplete, academic discussion is in order.  However, I
think it is premature to build an IETF standard around them.

A much more important reason is that even if I can calculate "trust" to
nine decimal places, it does not help me with delegation.  I have no
technical way to prevent effective delegation, so I must trust the
recipient of every certificate I generate with regard to delegation.

As I have said before, I think the "don't delegate" state on a certificate
is pernicious.  People will think it gives them a protection they don't
have.  Making it the default compounds the problem.

"Don't delegate" needs to be clearly documented as a polite request to
verifiers and other parts of an implementation not to honor certificates
delegated from the certificate having that attribute.  It is not present in
the standard to prevent the recipient from using the authority granted by
the certificate on behalf of another entity, because that is not
technically possible.  It is present in the standard to make clear to the
recipient of the certificate what the issuer's wishes are with regard to

Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA
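
The following is an added example, not part of the original message or of any SPKI implementation. It is a toy model of the point made above: a verifier can refuse chains that pass through a "don't delegate" certificate, but it cannot tell when the holder uses the authority on someone else's behalf. Keys are plain names, signature checking is assumed to have happened already, and all class, field and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str         # key that signed the certificate
    subject: str        # key that receives the authority
    permission: str
    may_delegate: bool  # False models the "don't delegate" state

@dataclass(frozen=True)
class Request:
    signer: str         # the only identity the verifier ever sees
    permission: str
    payload: str        # whoever chose this is invisible to the verifier

def authorized_key(chain, root, permission):
    """Return the key the chain authorizes, or None if the chain is invalid."""
    if not chain or chain[0].issuer != root:
        return None
    for i, cert in enumerate(chain):
        if cert.permission != permission:
            return None
        if i + 1 < len(chain):
            nxt = chain[i + 1]
            # Honoring the issuer's request: refuse anything delegated
            # from a certificate marked "don't delegate".
            if not cert.may_delegate or nxt.issuer != cert.subject:
                return None
    return chain[-1].subject

def verifier_accepts(request, chain, root):
    return authorized_key(chain, root, request.permission) == request.signer

# Constructed sample data (assumed names, not from the original message).
ALICE_TO_BOB = Cert("alice", "bob", "read-ledger", may_delegate=False)
BOB_TO_CAROL = Cert("bob", "carol", "read-ledger", may_delegate=False)

def carol_with_delegated_cert():
    # Carol presents a certificate Bob issued to her: the verifier refuses.
    req = Request("carol", "read-ledger", "carol's query")
    return verifier_accepts(req, [ALICE_TO_BOB, BOB_TO_CAROL], "alice")

def bob_acting_for_carol():
    # Bob signs Carol's query with his own key; no second certificate exists,
    # so the "don't delegate" state never comes into play.
    req = Request("bob", "read-ledger", "carol's query")
    return verifier_accepts(req, [ALICE_TO_BOB], "alice")
```

The first case is the only one the flag can affect; the second is indistinguishable, at the verifier, from Bob acting for himself.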