[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: K-of-N subjects

At 11:46 AM -0700 8/26/97, Carl Ellison wrote:
>At 12:47 PM 8/26/97 -0400, Michael C. Richardson wrote:
>>  I think k-of-n is of sufficient interest for CA type applications
>>that I think that justifies it. It ought to be a SHOULD, not a MUST
>>for implementations. I see CRC's (with pre-shared symmetric signing
>>keys) being the tool to let devices with very small CPUs to act as
>>verifiers. The relationship to Kerberos is strong here. Someone told
>>me that NT 5.0 will have Kerberos...
>This might be a real solution to the problem.  Let's see what the
>list thinks.  Letting K-of-N be a "should" (something we don't bother
>distinguishing yet) and planning for light and heavy weight tuple
>reducing engines allows us to have our cake and eat it too if/when
>we pair the small, dumb card processors with a trusted device on
>the net.  It certainly makes smartcard life easier...unless there
>is a problem finding that trusted, networked device which has a
>symmetric key in its memory -- for generating the CRC for the card.

I also concur -- I like this construction for the future, but don't want to
have to implement it for some time. I also see some arguement for this not
even being a SHOULD or MAY, but instead be an appendix to the first draft
as a statement of future direction in design of SPKI.

..            ** NOTE NEW OFFICE ADDRESS & PHONE NUMBER **            ..
.. Christopher Allen                Consensus Development Corporation ..
.. President & CTO                            2930 Shattuck Ave. #206 ..
.. <ChristopherA@consensus.com>               Berkeley, CA 94705-1883 ..
.. <http://www.consensus.com>            o510/649-3300  f510/649-3301 ..