[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: yet another <auth> type

> From: Carl Ellison <cme@cybercash.com>
> It makes sense to issue an SPKI cert for the statement:
> "The subject keyholder (K1) is the same person as the keyholder of (K2), on 
> <date>."
> This allows someone to start a service by which someone can map old keys to 
> new ones.
> Thoughts?
>  - Carl

It sounds like a duct-tape patch for the fundamental limitation of
SPKI certs.

The premise of SPKI is that persistent identities are an unnecessary
middle step between the public key and the "stuff" (names, email
addresses, priviledges, etc) to be attached to that key.  Therefore
persistent identities have been eliminated as a concept from SPKI.

But the assumption that the public key *IS* the identity is fundamentally
at odds with good key hygene, which dictates that keys be replaced
periodically "just because", or sooner than the normal period if required
by individual key compromise, in response to unexpected advances in
cryptography, or for other reasons.

A persistent identity does not have to be in the form of an X.509
Distinguished Name, nor does it have to be globally unique or meaningful,
nor does it need to have any semantic meaning at all (it could be a random
number, or the hash of something, for example), but it does need to
be persistent.  It allows one to accommodate key updates without
requiring contortions like issuing certificates to map certificates to
other certificates!

Better start scratching off that "S" thing from SPKI :-).


"Every problem can be solved with another level of indirection."
   -- ???