[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: yet another <auth> type
David P. Kemp writes:
> It sounds like a duct-tape patch for the fundamental limitation of
> SPKI certs.
> The premise of SPKI is that persistent identities are an unnecessary
> middle step between the public key and the "stuff" (names, email
> addresses, priviledges, etc) to be attached to that key. Therefore
> persistent identities have been eliminated as a concept from SPKI.
That isn't the concept of SPKI. The concept of SPKI is that
*centralized* proof of identity isn't useful, and this makes great
sense. When you go to a bank, they check to see if they think you are
their customer, not if someone else thinks you are their customer.
The binding of a key to an account or authorization or what have you
is something the issuer of the account or authorization cares about,
and not the "Federal Bureau of Key Issuance".
As Carl mentions in his papers on this, the notion of a centralized
concept of identity makes sense only in something like a governmental
or military context, in which one has a notion of centralized identity
and place in a hierarchy, and has no meaning in the wider world of
commerce. In the world of commerce, almost all relationship are
bilateral or involve a privately selected guarantor. This is how
business has been done for literally millenia, and there is no reason
to assume this should change now.
This does not in any way preclude the binding of identities to keys
for localized purposes. The IRS can bind taxpayer IDs to keys for its
own purposes, for instance. The point here, however, is that we don't
end up with any notion of a key that says "the holder of this key is
Joe Smith for all purposes worldwide". We bind the key to the notion
of "has this role for our purposes" directly, not to the notion of a
In such an environment, it is reasonable for a new certificate to be
issued that "overlaps" with an old one.