[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on SPKI draft of 25 March 1997

To: rivest@theory.lcs.mit.edu (Ron Rivest)
Subject: Re: Comments on SPKI draft of 25 March 1997
From: Carl Ellison <cme@cybercash.com>
Date: Sat, 29 Mar 1997 13:45:57 -0500
Cc: spki@c2.net, blampson@microsoft.com
In-Reply-To: <199703291736.AA22639@swan.lcs.mit.edu>
Sender: owner-spki@c2.net

At 12:36 PM 3/29/97 EST, Ron Rivest wrote:
>I don't see the "secure systems" argument for having subject signatures on
>any certificates.  Is there one?

The argument I see for subject signatures is that for many <auth>s, 
something is flowing in both directions.  The <auth> can describe a 
relationship more than just a unidirectional grant.  If something is flowing 
in both directions, then I see a need for both parties to sign.  In this 
sense, I guess I'm seeing a certificate as a kind of contract, and we're 
used to contracts having both parties sign.

However, I have no special fondness for lawyers and if the only thing 
flowing back from subject to issuer is something only a lawyer could love, 
perhaps we should have lawyers discuss this issue, not cryppies. :)

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Comments on SPKI draft of 25 March 1997

From: rivest@theory.lcs.mit.edu (Ron Rivest)

Prev by Date: Re: Comments on SPKI draft of 25 March 1997
Next by Date: Comments on SPKI draft of 25 March 1997
Prev by thread: Comments on SPKI draft of 25 March 1997
Next by thread: Comments on SPKI draft of 25 March 1997
Index(es):
- Main
- Thread