server-signed certificates, My confusion regarding

This discussion about requiring subject-signed certificates has me
confused, and so I feel I must ask some questions even at the risk of
prolonging the conversation.

Principals in SPKI need not be human. To quote the current Internet-draft,
"By PRINCIPAL, we mean an entity (e.g., person, processor, process, device
(such as a printer), ...) which supplies a service or requests action in a
distributed computer system."

The idea of subject-signed certificates seems meaningless for most
non-human subjects. What do people proposing mandatory subject-signed
certificates propose to do about non-human subjects? Are you thinking of
restricting SPKI to human subjects in order to conform with current legal
rules regarding humans? Or are you thinking of two rules for certificates,
one for human and one for non-human subjects? Or are you imagining some
sort of escape hatch?

Enquiring minds want to know!