[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Subject signing redux (was: Re: Mary is Mary)

On Wed, 25 Jun 1997, Jim McCoy wrote:

 >[much convolution and detail deleted.]     
-> It adds additional complexity (more sigs to be checked and more effort
-> to set up the cert in the first place) for little gain.  This seems in
-> conflict with the "Simple" part of this group's charter.  If it is not
-> an absolute necessity, avoid it.

No, not at all. Such signature would only be checked if needed, as a
function of risk or cost. Mary is not the issuer, so your point does not

Also, by including Mary's signature as a subject (NOT the issuer), SPKI
could allow both options: to be or not to be ... checked.

-> We couldn't solve these problems in childhood when they first appeared
-> and most of us have since accepted the fact that there are various form
-> of legal remedy when sufficient money is at stake and social remedies for
-> other cases.  I think that is you check with legal scholars you will find
-> that the "real world" has not dealt with this problem any better than
-> what is being proposed here.  This leads us back to the engineers maxim that
-> if it ain't broke, don't fix it.

In childhood I did not use cryptography either ;-)

Back to the drawing board, I am exactly arguing that it is broken -- there
are several inconsistencies that may pop up when you don't require Mary to
sign **as the subject**.


Ed Gerck

Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533  

Follow-Ups: References: