Re: yet another <auth> type

[Moltar Ramone <jlasser@goucher.edu>]

On Feb 02, 1997 at 06:41:14AM -0500, Carl Ellison wrote:

> It makes sense to issue an SPKI cert for the statement:
> 
> "The subject keyholder (K1) is the same person as the keyholder of (K2), on 
> <date>."
> 
> This allows someone to start a service by which someone can map old keys to 
> new ones.

I find this problematic, because it'll bring about is-a-person sorts of
claims...

And it doesn't really address the problem it could resolve if it was an
is-a-person claim, that being a sensible means of key revocation that doesn't
require the ability to use the key you're revoking, and to prevent other
people from revoking it.

All the statement *really* means is:
One person or machine who has the ability to use key K1 can also use K2.

It does *not* mean:
The only person who has the ability to use K1 can also use K2
One person who has the ability to use K1 is the only person to use K2
The only entity which can use K1 is the only entity to use K2
Anyone with access to K1 can use K2

And, of course, what the statement really means is sorta useless, I think.

And at any rate, it should really say what it is.

Jon
-- 
Jon Lasser (410)433-7495                    jlasser@rwd.goucher.edu
http://www.goucher.edu/~jlasser/            PGP key = 1024/EC001E4D
      "Flap your ears, Dumbo!  The feather was only a trick!"

---

Follow-Ups:

• Re: yet another <auth> type
• From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>

References:

• yet another <auth> type
• From: Carl Ellison <cme@cybercash.com>

---

• Prev by Date: Re: yet another <auth> type
• Next by Date: Re: yet another <auth> type
• Prev by thread: yet another <auth> type
• Next by thread: Re: yet another <auth> type
• Index(es):
  • Main
  • Thread