[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: yet another <auth> type


On Fri, 21 Feb 1997, Carl Ellison wrote:
> It makes sense to issue an SPKI cert for the statement:
> "The subject keyholder (K1) is the same person as the keyholder of (K2), on 
> <date>."
> This allows someone to start a service by which someone can map old keys to 
> new ones.
> Thoughts?
>  - Carl

I think it's a good idea.

My interpretation of this is similar to Brian's -- that K1 and K2 have
the same privileges.  I'd even take that a bit further.  Suppose you have
a set of certs.  You would accept them if they were signed by K1, however
they were signed by K2.  Another cert stating the above would let you
accept the certs.

What, however, is the meaning of <date>?  Is it the date when the
statement was made?  Or is it the date when your set of certs was signed?
To maximize utility, the statement should use a range of dates, saying
something like:

"The subject keyholder (K1) is the same person as the keyholder of (K2),
which was valid from <date1> to <date2>."

That way, for any set of certs signed by K2 between <date1> and <date2>, I
can consider them to have been signed by the keyholder of K1.


==============================	------ I'M LOOKING FOR A JOB! -----
        Marc Branchaud        	I'm looking for a full-time career,
       marcnarc@zoo.net       	and I'm willing to move almost any-
    www.zoo.net/~marcnarc/    	where.  You can see my CV online at
==============================	www.zoo.net/~marcnarc/Marc-CV.htm

Version: 2.6.3ia
Charset: noconv