[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IETF spki meeting minutes

>>>  Matt Blaze explains one important difference between SPKI and SDSI (in
>>> answer to a comment in the spirit of "this is so complex, isn't it just
>>> SDSI in drag") - SPKI is an authentication scheme, while SDSI was for
>>> identification.
>> Is there any more juice on this philosophical issue for us mailing-list
>>types? Its a fascinating statement, and apparently important to
>>understand, if one wishes to comprehend SPKI design
>>and security engineering rationale.
>Unfortunately, I think it was a mis-statement.  See my comments on the
>meeting minutes.  I have a paragraph on the subject and would appreciate
>your reaction to my explanation.
> - Carl

I was just referring to SDSI's being a naming system, while SPKI,
as orginally envisioned, needn't be.  I didn't mean anything deeper
than that, nor do I mean to imply any particular rigor, deepth,
or precision behind my comment.

However, I remain philosphically skeptical about the need for names
in most of these applications.   Distributed names are very hard but
not all that generally useful.  Attempts to base authorization schemes
on names leads to thing like X.509.


Follow-Ups: References: