[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IETF spki meeting minutes

To: Carl Ellison <cme@cybercash.com>
Subject: Re: IETF spki meeting minutes
From: Matt Blaze <mab@research.att.com>
Date: Fri, 15 Aug 1997 03:45:14 -0400
Cc: Peter Williams <peter@verisign.com>, Steve Bellovin <smb@research.att.com>, spki@c2.net
In-Reply-To: Your message of "Thu, 14 Aug 1997 19:24:29 EDT." <3.0.3.32.19970814192429.00a626f0@cybercash.com>

>>>  Matt Blaze explains one important difference between SPKI and SDSI (in
>>> answer to a comment in the spirit of "this is so complex, isn't it just
>>> SDSI in drag") - SPKI is an authentication scheme, while SDSI was for
>>> identification.
>>
>> Is there any more juice on this philosophical issue for us mailing-list
>>types? Its a fascinating statement, and apparently important to
>>understand, if one wishes to comprehend SPKI design
>>and security engineering rationale.
>
>Unfortunately, I think it was a mis-statement.  See my comments on the
>meeting minutes.  I have a paragraph on the subject and would appreciate
>your reaction to my explanation.
>
> - Carl

I was just referring to SDSI's being a naming system, while SPKI,
as orginally envisioned, needn't be.  I didn't mean anything deeper
than that, nor do I mean to imply any particular rigor, deepth,
or precision behind my comment.

However, I remain philosphically skeptical about the need for names
in most of these applications.   Distributed names are very hard but
not all that generally useful.  Attempts to base authorization schemes
on names leads to thing like X.509.

-matt

Follow-Ups:

Re: IETF spki meeting minutes

From: Bill Frantz <frantz@netcom.com>

References:

Re: IETF spki meeting minutes

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: IETF spki meeting minutes
Next by Date: getting rid of intersection algebra
Next by thread: Re: Subject signing redux (was: Re: Mary is Mary)
Index(es):
- Main
- Thread