
Re: Persistent identities (was: Re: yet another <auth> type)



Marc Branchaud <marcnarc@zoo.net>:
> 
> David Kemp's points (below) about persistent identities hit the nail
> right on the head for me.  The PKI proposals that I've seen either don't
> provide for a persistent identity (SPKI/SDSI), which makes key management
> a real headache, or the persistent identity is too cumbersome and/or
> dynamic (such as with X.500 DNs).

So far, all efforts at composition of such a naming scheme have
involved too much information for privacy and flexibility or too little
for uniqueness.  The problems you cite are typical of the ones we faced
in designing our scheme at Southwestern Bell; we finally settled on one
which didn't really satisfy me on either count.  I believe (as the
draft-of-a-draft states) that names are ultimately local, whether
locally created or imported.  The point is that you can do many things
here that we haven't enumerated; if you have some half-baked ideas,
that's my stock in trade :0>

brian


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162