[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate Expiration
At 15:02 08/05/98 -0400, Carl Ellison wrote:
>There are many certificates in use today not so much for security as for a
>kind of seat license. For such a use, the freeze at expiration is totally
>Of course, I don't like or want to encourage such a use of certificates.
I'm puzzled by this remark. Isn't a time-limited authorisation
just another SPKI application? Giving someone a permission
to access some web site for a month doesn't seem so
One could also imagine handing out a "telnet permission" to
temporarily permit a sysadmin to log in from home in order
to sort some problem.
(On a related note - I think a useful form of the 'online'
validity test would be a variation on the 'one-time' test
which simply computed some external function of the
current time. This way you could easily express acls which
allowed access only mon-fri during business hours, for
example. This would differ from the current 'one-time'
test only in that the test would be done by local code,
and so wouldn't be much of a change.)