[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Expiration

To: Carl Ellison <cme@cybercash.com>, Bill Frantz <frantz@netcom.com>
Subject: Re: Certificate Expiration
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Tue, 19 May 1998 23:27:05 +0100
Cc: spki@c2.net
In-Reply-To: <3.0.3.32.19980508150254.00b3a410@cybercash.com>
References: <v03110704b178f87e3e36@[207.94.249.173]>

At 15:02 08/05/98 -0400, Carl Ellison wrote:
>There are many certificates in use today not so much for security as for a 
>kind of seat license.  For such a use, the freeze at expiration is totally 
>appropriate.
>
>Of course, I don't like or want to encourage such a use of certificates.

I'm puzzled by this remark. Isn't a time-limited authorisation
just another SPKI application?  Giving someone a permission
to access some web site for a month doesn't seem so 
extraordinary.

One could also imagine handing out a "telnet permission" to 
temporarily permit a sysadmin to log in from home in order
to sort some problem.

(On a related note - I think a useful form of the 'online'
validity test would be a variation on the 'one-time' test
which simply computed some external function of the 
current time. This way you could easily express acls which 
allowed access only mon-fri during business hours, for 
example.  This would differ from the current 'one-time' 
test only in that the test would be done by local code,
and so wouldn't be much of a change.)

Cheers,
Frank.

Follow-Ups:

Re: Certificate Expiration

From: Carl Ellison <cme@cybercash.com>

References:

Certificate Expiration

From: Bill Frantz <frantz@netcom.com>

Re: Certificate Expiration

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Invitation to Electronic Commerce Europe 98
Next by Date: "Fuzzy" SPKI (was Re: Certificate Expiration)
Prev by thread: Re: Certificate Expiration
Next by thread: Re: Certificate Expiration
Index(es):
- Main
- Thread