[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fault tolerance of SPKI/SDSI

To: Carl Ellison <cme@cybercash.com>
Subject: Re: fault tolerance of SPKI/SDSI
From: peter.gietz@zdv.uni-tuebingen.de
Date: Thu, 13 Mar 1997 09:55:41 +0100 (MEZ)
Cc: spki@c2.net, Ambix-Team <ambix-d@mail500.uni-tuebingen.de>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 12 Mar 1997, Carl Ellison wrote:

> It occurred to me the other day that SDSI with chained local naming and SPKI
> with that plus chained local direct authorizations have an advantage over
> hierarchical schemes.  Certs in our worlds are mesh-like rather than
> tree-like.  I hestiate comparisons to the PGP web of trust, because PGP's
> links are votes on some global name binding, but PGP has the same advantage.
>
> Namely:  these meshes of certificates can be fault tolerant.  A tree can not
> be.  If you break a link in a tree, a whole branch falls off.  If you break
> the root, the whole tree falls.  This is because a tree is inherently
> 1-dimensional.

I asume you mean X.509 with hierarchical schemes. Your argument doesn't
hold strong against X.509, because besides the CA-tree there is also the  
possibility of cross-certification of CAs, which is independent of the
hierarchical level of the two CAs and is in a way comparable with the
PGP web of trust. X.500 is by no way 1-dimensional. So although the
hierarchical system in the first place is not so susceptible to breaks,
because the links are well structured, and have defined responsibilities,
it is, by the means of cross-certification as fault tolerant as a non
hierarchical system.

>
> Of course, the degree of actual fault tolerance will depend on practice,

This is true for all systems.

Peter

- -----------------------------------------------------------------------------
       Karl-Peter Gietz              tel. : +49 7071 29-77800           
Zentrum fuer Datenverarbeitung       email: gietz@zdv.uni-tuebingen.de    
  der Universitaet Tuebingen         snail: Brunnenstr. 27, D-72074 Tuebingen 
      DFN-Projekt AMBIX                     Germany
_____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMyfAuyy4y1nDXWrxAQG8mQP5AdaAxGXN2OBKndwCvTyl8mZeRZ3SYf4k
H6vODedo9lCRpfEoWadMQ0NhiwxKFdPmrlB0QD02R+jPmPB49Evl4q732Pj7qPec
Df+x9dHG1qiro6+7DGUBVCESF51YPhMpaQE98Ys5sBk8Lxwq8Qmk2O3nFbrkzsoA
iOPYvXWkrwQ=
=xOrv
-----END PGP SIGNATURE-----

Follow-Ups:

Re: fault tolerance of SPKI/SDSI

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: fault tolerance of SPKI/SDSI
Next by Date: Re: rules for SPKI <auth> field comparisons
Prev by thread: Re: fault tolerance of SPKI/SDSI
Next by thread: Re: fault tolerance of SPKI/SDSI
Index(es):
- Main
- Thread