
non-id certs +++



-----BEGIN PGP SIGNED MESSAGE-----

At 10:34 PM 6/25/97 -0400, Carl Ellison wrote:
>At 05:39 PM 6/25/97 -0600, Bob Jueneman wrote:
>>Unfortunately, the argument is circular.  If you are concerned about a
>>rogue CA issuing a certificate to someone who never heard of that CA, that
>>CA could invent whatever public/private key pair they wished, and embed that
>>key in the certificate they are issuing!
>
>Aha!  Another reason not to have identity certs.  With pure SPKI certs, 
>there is no identity other than the key, so a CA can't invent a key pair and 
>attach it to anyone.  With SDSI, there is no identity of meaning to anyone 
>other than the CA, so the same applies.

Or, from the other POV, this characteristic is what keeps SPKI and SDSI, 
independently and together, from having to be licensed by the gov't.  If they 
go rogue, they can't do what you describe (or nearly any other kind of damage).
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

