[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Principals in SPKI vs SDSI

This is a good observation, Hal.

The SPKI wording is left over from the original document, during the writing 
of which I was very concerned about getting through to people who need to be 
eased into the idea of a key as a principal.  I opt for using the definition 
of principal = key, since it speaks.  I refer to the word that way elsewhere 
in the text.

 - Carl

At 02:10 PM 3/29/97 -0800, Hal Finney wrote:
>I notice that SDSI and SPKI have different definitions of "principal".
>In the SDSI v 1.0 document, it says,
>  A SDSI principal is defined as a public signature verification key, one or
>  more optional global names, and one or more optional internet addresses. The
>  most important thing about a principal is its ability to verify signed
>  statements; that is why a principal is defined in terms of its public key.
>In the SPKI draft, it says:
>   The most important issue is the notion of the binding of a key to a
>   principal.
>        By PRINCIPAL, we mean an entity (e.g., person, processor,
>        process, device (such as a printer), ...) which supplies a
>        service or requests action in a distributed computer system.
>So in SDSI, a principal is a key, and in SPKI, a principal is a person
>or process, etc.  In SDSI an issue is binding names, local or global,
>to principals.  In SPKI an issue is binding keys to principals.
>In the interests of lessening confusion as the two efforts are merged,
>it would be good to adopt a consistent meaning for this term.
>Hal Finney
>PGP, Inc.

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |