[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comments on SPKI draft of 25 March 1997




The proposal allows a subject to be the hash of an object.  I think
the goals this mechanism is trying to achieve should be handled some
other way.

I see certificates as working primarily with keys and names, and
trasferring authority between them.  Keys and names are able to
"speak" (i.e. sign things), and so can receive authority to speak
certain things (so they'll be listened to).  Documents can't speak,
and so can't receive authority.  Certificates are not the right
vehicle for making other kinds of assertions about general documents.

We do have a need for making statements about
	-- keyholders of keys (e.g. the SDSI autocert, where the keyholder's
 		attributes (phone, email-address, encryption keys, server
		addresses, etc.) can be given
	-- documents

The W3C digital signature initiative is making fast progress on means for
doing the second one, and we should probably attempt to coordinate with them.
(Although what they are doing is not particularly "simple", I fear.)  It is
modelled after the PICS labelling scheme.  

A simple scheme would be a new kind of object, such as
	( assert
	   object-being-talked-about-or-its-hash
	   ( predicate )
	   ( function-name value-of-function-applied-to-object )
           ( general-relation param1 param2 ... )
        )
where the last three types might be arbitrarily repeated and intermingled.

A slightly more complex scheme (following the PICS model) would add a
URI indicating where to find out more about the predicates etc (PICS labels)
being used.

I think these kinds of things ARE important, and are NOT THE SAME kind of
thing that certificates do, and SHOULD be handled by SPKI.  In particular,
some of this sort of information is essential to making it all work well,
such as finding out encryption keys and/or locations of servers.

[Footnote: I feel that the public keys of the principals should be
used ONLY for signatures, even if the algorithm type (e.g. RSA) may allow
for encryption as well.  The principal (public-key) should give a signed
statement as to how he wants messages encrypted that are to be sent to him
privately.  There are a number of good reasons for this, which we don't need
to get into here.]

Ron Rivest



Follow-Ups: