[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: yet another <auth> type

To: Carl Ellison <cme@cybercash.com>
Subject: Re: yet another <auth> type
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 21 Feb 1997 09:29:48 -0800
Cc: spki@c2.net
In-Reply-To: <3.0.32.19970221064107.00b54d70@cybercash.com>

At 06:41 AM 2/21/97 -0500, Carl Ellison wrote:
>It makes sense to issue an SPKI cert for the statement:
>"The subject keyholder (K1) is the same person as the keyholder of (K2),
> on <date>."
>This allows someone to start a service by which someone can map 
>old keys to new ones.

You don't need a service, though perhaps you need a syntax.
If you have a statement saying
	"There is at least one holder of both K1 and K2 on <date>"
signed by both K1 and K2, it carries as much information as a service 
could actually verify, e.g. either one person walked up to the counter
and demonstrated the ability to sign with both keys, or the service sent
email to the addresses used by the two keyholders and received
signed responses.  Is there some other meaning that you can't get by
do-it-yourself signing?  The interesting cases are when more than
one person or email address has one of the keys....


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)

References:

yet another <auth> type

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: yet another <auth> type
Next by Date: Re: yet another <auth> type
Prev by thread: Re: yet another <auth> type
Next by thread: Re: yet another <auth> type
Index(es):
- Main
- Thread