
Re: IETF spki meeting minutes

At 12:45 AM -0700 8/15/97, Matt Blaze wrote:
>>>>  Matt Blaze explains one important difference between SPKI and SDSI (in
>>>> answer to a comment in the spirit of "this is so complex, isn't it just
>>>> SDSI in drag") - SPKI is an authentication scheme, while SDSI was for
>>>> identification.
>>> Is there any more juice on this philosophical issue for us mailing-list
>>>types? It's a fascinating statement, and apparently important to
>>>understand, if one wishes to comprehend SPKI design
>>>and security engineering rationale.
>>Unfortunately, I think it was a mis-statement.  See my comments on the
>>meeting minutes.  I have a paragraph on the subject and would appreciate
>>your reaction to my explanation.
>> - Carl
>I was just referring to SDSI's being a naming system, while SPKI,
>as originally envisioned, needn't be.  I didn't mean anything deeper
>than that, nor do I mean to imply any particular rigor, depth,
>or precision behind my comment.
>However, I remain philosophically skeptical about the need for names
>in most of these applications.   Distributed names are very hard but
>not all that generally useful.  Attempts to base authorization schemes
>on names lead to things like X.509.

The application I have in mind identifies principals by their public keys.
It does not need other names.

However, as long as SPKI will support this use, it will support my application.

Bill Frantz                                  Electric Communities
Capability Security Guru                     10101 De Anza Blvd.
frantz@communities.com                       Cupertino, CA 95014
408/342-9576                                 http://www.communities.com