[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Expiration

At 15:02 08/05/98 -0400, Carl Ellison wrote:
>There are many certificates in use today not so much for security as for a 
>kind of seat license.  For such a use, the freeze at expiration is totally 
>Of course, I don't like or want to encourage such a use of certificates.

I'm puzzled by this remark. Isn't a time-limited authorisation
just another SPKI application?  Giving someone a permission
to access some web site for a month doesn't seem so 

One could also imagine handing out a "telnet permission" to 
temporarily permit a sysadmin to log in from home in order
to sort some problem.

(On a related note - I think a useful form of the 'online'
validity test would be a variation on the 'one-time' test
which simply computed some external function of the 
current time. This way you could easily express acls which 
allowed access only mon-fri during business hours, for 
example.  This would differ from the current 'one-time' 
test only in that the test would be done by local code,
and so wouldn't be much of a change.)


Follow-Ups: References: