[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on SPKI draft of 25 March 1997
At 12:36 PM 3/29/97 EST, Ron Rivest wrote:
>I don't see the "secure systems" argument for having subject signatures on
>any certificates. Is there one?
The argument I see for subject signatures is that for many <auth>s,
something is flowing in both directions. The <auth> can describe a
relationship more than just a unidirectional grant. If something is flowing
in both directions, then I see a need for both parties to sign. In this
sense, I guess I'm seeing a certificate as a kind of contract, and we're
used to contracts having both parties sign.
However, I have no special fondness for lawyers and if the only thing
flowing back from subject to issuer is something only a lawyer could love,
perhaps we should have lawyers discuss this issue, not cryppies. :)
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: