Re: Certificate Expiration
At 11:27 PM 5/19/98 +0100, Frank O'Dwyer wrote:
>At 15:02 08/05/98 -0400, Carl Ellison wrote:
>>There are many certificates in use today not so much for security as for a
>>kind of seat license. For such a use, the freeze at expiration is totally
>>appropriate.
>>
>>Of course, I don't like or want to encourage such a use of certificates.
>
>I'm puzzled by this remark. Isn't a time-limited authorisation
>just another SPKI application? Giving someone a permission
>to access some web site for a month doesn't seem so
>extraordinary.
You're right. SPKI can easily handle seat licenses and that's one of many
proper uses for a certificate. What I object to is the creation of a
certificate that gets hyped as having a security value when in fact all it
is is a seat license -- something not advertized, because the cert issuer
has no right to issue seat licenses.
>One could also imagine handing out a "telnet permission" to
>temporarily permit a sysadmin to log in from home in order
>to sort some problem.
Of course.
>(On a related note - I think a useful form of the 'online'
>validity test would be a variation on the 'one-time' test
>which simply computed some external function of the
>current time. This way you could easily express acls which
>allowed access only mon-fri during business hours, for
>example. This would differ from the current 'one-time'
>test only in that the test would be done by local code,
>and so wouldn't be much of a change.)
Yup.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
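
The thread above covers two time-based controls: a grant that simply expires (the one-month web site permission, the temporary telnet permission) and a validity test computed by local code from the current time (access only mon-fri during business hours). The following Python is an added example, not part of the original message and not SPKI syntax or code; the `Grant` structure, the key name, the dates and the 09:00-17:00 window are assumptions made for illustration, and `now` is taken to be the verifier's local time.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Callable, List, Tuple

# A local validity test: a pure function of the current time, evaluated by
# the verifier itself rather than by contacting an online service.
TimeTest = Callable[[datetime], bool]

def business_hours(start: time = time(9, 0), end: time = time(17, 0)) -> TimeTest:
    """Mon-Fri with start <= local time < end (window is an assumed policy)."""
    def test(now: datetime) -> bool:
        return now.weekday() < 5 and start <= now.time() < end
    return test

@dataclass
class Grant:  # hypothetical structure for illustration, not an SPKI certificate
    subject: str
    permission: str
    not_before: datetime
    not_after: datetime
    local_tests: List[TimeTest] = field(default_factory=list)

def check(grant: Grant, subject: str, permission: str,
          now: datetime) -> Tuple[bool, str]:
    """Fail closed: every condition must hold, and the reason is reported."""
    if grant.subject != subject or grant.permission != permission:
        return False, "no matching grant"
    if now < grant.not_before:
        return False, "not yet valid"
    if now > grant.not_after:
        return False, "expired"
    # Expiry is checked first so an expired grant is never reported as a
    # mere time-window miss that might succeed on retry.
    for test in grant.local_tests:
        if not test(now):
            return False, "outside permitted time window"
    return True, "ok"

# Constructed sample: a one-month telnet permission limited to business hours.
TELNET = Grant("sysadmin-key", "telnet",
               datetime(1998, 5, 18), datetime(1998, 6, 18),
               [business_hours()])

if __name__ == "__main__":
    for when in (datetime(1998, 5, 20, 10, 30),   # Wednesday morning
                 datetime(1998, 5, 23, 10, 30),   # Saturday
                 datetime(1998, 6, 19, 10, 0)):   # after not_after
        print(when.isoformat(), check(TELNET, "sysadmin-key", "telnet", when))
```

Because the window test depends only on the verifier's clock, its strength is bounded by how well that clock is protected and synchronized.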