[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Top SDSI issues
-----BEGIN PGP SIGNED MESSAGE-----
At 11:56 AM 6/27/97 EDT, Angelos D. Keromytis wrote:
>In message <199706271308.AA02911@swan.lcs.mit.edu>, Ron Rivest writes:
>>2. [Hashes of keys]
>
>I'm in favour of using the raw keys; i don't think we save anything by
>using hashes, since in most cases we'll have to provide the key as
>well (and, if using hashes, as a separate blob).
There's a clear need for hashes of keys: when the key is symmetric (either
symmetric encryption or HMAC). There's a win in cases when the key shows up
multiple times (e.g., in a cache of certs, all issued by the same firewall
admin).
>>3. [Thresholding]
>
>I'm in favour of letting PolicyMaker programs handle complex queries;
>the basic SPKI syntax should be as simple as possible.
Thresholding is an open issue -- but it's been called for directly by enough
different people and it's so simple to implement that Tatu won me over -- and,
for that matter, SDSI 1.0 had threshold certs as well.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBM7RQplQXJENzYr45AQHr5AP+IsxQujCXKr/qUd7OY3ozzC40GOPJ67bY
P5pTl7StwWJQNIGNYtD8mRoMZEiEk3Ix4yHQcSJSRlywhL3KEtO/ZogG7xvYfapE
riFxNAzzap0B+H7N7akOFAV4HqtdzMPLf1CetfoxfOyC8jKOoGi2BupxinifiMvd
Bu+arHKc+LA=
=yuCY
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: