Re: yet another <auth> type
If K1 was revoked for being insecure, what evidence other than the full
evidence used to generate K1 in the first place suffice to issue a
If the answer is "you need it all" then the new field is of no value; K2
is a K2 is a K2.
If the answer is "less" then K2 is not a real K2 since it relies in part
on the now-insecure K1.
Of course, if K1 has not been compromised, and K2 is just replacing it due
to age, K1 issues a cert of its own recognizing K2 (and vice-versa?)? Is
this the problem this is designed to solve?
On Fri, 21 Feb 1997, Moltar Ramone wrote:
> On Feb 02, 1997 at 06:41:14AM -0500, Carl Ellison wrote:
> > It makes sense to issue an SPKI cert for the statement:
> > "The subject keyholder (K1) is the same person as the keyholder of (K2), on
> > <date>."
> > This allows someone to start a service by which someone can map old keys to
> > new ones.
> I find this problematic, because it'll bring about is-a-person sorts of
> And it doesn't really address the problem it could resolve if it was an
> is-a-person claim, that being a sensible means of key revocation that doesn't
> require the ability to use the key you're revoking, and to prevent other
> people from revoking it.
> All the statement *really* means is:
> One person or machine who has the ability to use key K1 can also use K2.
> It does *not* mean:
> The only person who has the ability to use K1 can also use K2
> One person who has the ability to use K1 is the only person to use K2
> The only entity which can use K1 is the only entity to use K2
> Anyone with access to K1 can use K2
> And, of course, what the statement really means is sorta useless, I think.
> And at any rate, it should really say what it is.
> Jon Lasser (410)433-7495 email@example.com
> http://www.goucher.edu/~jlasser/ PGP key = 1024/EC001E4D
> "Flap your ears, Dumbo! The feather was only a trick!"
The above may have been dictated via Dragon Dictate 2.52 voice
recognition. Please be alert for unintentional word substitutions.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | firstname.lastname@example.org
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.