[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on SPKI draft of 25 March 1997

At 12:36 PM 3/29/97 EST, Ron Rivest wrote:
>I don't see the "secure systems" argument for having subject signatures on
>any certificates.  Is there one?

The argument I see for subject signatures is that for many <auth>s, 
something is flowing in both directions.  The <auth> can describe a 
relationship more than just a unidirectional grant.  If something is flowing 
in both directions, then I see a need for both parties to sign.  In this 
sense, I guess I'm seeing a certificate as a kind of contract, and we're 
used to contracts having both parties sign.

However, I have no special fondness for lawyers and if the only thing 
flowing back from subject to issuer is something only a lawyer could love, 
perhaps we should have lawyers discuss this issue, not cryppies. :)

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |