
Re: SPKI signing keys only


At 09:31 PM 6/20/97 GMT, William Allen Simpson wrote:
>I don't really like the term "signing keys", though.  Signing is an
>I usually explain it as:
>    Identification key: a long-term key that is associated with a
>    particular role, person, machine, or process (usually a
>    public/private key pair).
>    Communication key: a short-term key used for a message (usually an
>    "ephemeral" symmetric secret key).
>    Signing is the _act_ of creating a Signature using Identification
>    keys.  I rarely mention that this often involves public key
>    encryption to create the signature.  Folks just don't understand
>    that this signature encryption is a fundamentally different usage
>    than message stream encryption.
>    A Certificate is a list of Signatures.
>    Authentication is the _act_ of verifying the certificate.
>    Authorization is the _act_ of verifying that a particular
>    certificate has "permission" to act based on a "policy".

I think you're taking a different projection of the problem space from the one 
I'm used to.  To me, a key is a signature key or an encryption key, getting its 
name from the process with which it is used.

I agree that you can also list the interpretation that key use leads to 
(identification, authentication, authorization, ...) to name the key.  My 
preference is to stick with my old habits but the suggestion is interesting.

 - Carl



|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |