
Final Year Thesis: SPKI



Hi,

Here is a professor of UCL, Louvain-la-Neuve:
I suppose that everybody here is smart enough not to write
his final work for him. So here are some clues:
- use altavista and yahoo;
- explore the web pages of IETF;
- explore the web pages of Rivest, Carl Ellison;
- use your time, your critical sense and when you know the
  subject, then go to the right forum, to ask questions
  and, maybe, to suggest.

Jean-Jacques Quisquater,
Date: Mon, 29 Jun 1998 09:38:32 -0400
To: Ed Gerck <egerck@laser.cps.softex.br>
From: Carl Ellison <cme@cybercash.com>
Subject: Re: Final Year Thesis : SPKI
Cc: Judie Mulholland <judiemul@kc-inc.net>, DoWneR@mail.dma.be, spki@c2.net


At 04:45 PM 6/28/98 -0300, Ed Gerck wrote:
>>On Sun, 28 Jun 1998 DoWneR@mail.dma.be wrote:
>>
>>> 
>>> My name is Olivier Dellicour. I'm 24, I'm Belgian and I live in 
>>> Brussels. I'm a Business Engineer student and like every student 
>>> around the world I have to write a final year thesis. Mine is about 
>>> electronic certification and SPKI. I have to compare SPKI 
>>> certificate and its competitors (X.509, ...) and demonstrate that 
>>> SPKI is better (at least try to !!!). As you can imagine, I'm not a 
>
>Olivier:
>
>Comparing SPKI with X.509 is like comparing apples and speedboats. 
>
>In spite of its name, SPKI is NOT a PKI and does not allow a PKI to
>be built with it. Neither with SDSI, in SPKI/SDSI. 
>
>Further, SPKI addresses the question of "what" and only to the issuer
>-- while X.509 addresses "who" and "what" and not only to the issuer.

Ed,

	I think we need to re-think these conclusions.  I have been unable to 
detect these differences between SPKI and X.509 -- unless you define "PKI" 
as "building a global directory of distinguished names" -- i.e., as a synonym 
for X.500.

	Of course, there is a huge difference between X.509's practice of 
certifying names and the claim that it addresses "who" for anyone, much less 
for the whole world.

	It is also not true that SPKI/SDSI fails to address "who" for non-issuers.  
SDSI names are designed specifically for introducing person C by name from 
person A to person B.

>Further, as a general rule, it is not advisable to set goals of what
>you want to demonstrate before studying the subjects -- because the
>subjects may not be even comparable, as the case at hand.

Amen!

 - Carl



+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
Date: Mon, 29 Jun 1998 09:39:31 -0400
To: Lynn.Wheeler@firstdata.com
From: Carl Ellison <cme@cybercash.com>
Subject: Re: Final Year Thesis : SPKI
Cc: Judie Mulholland <judiemul@kc-inc.net>, DoWneR@mail.dma.be, spki@c2.net


Lynn,

	I'm not familiar with the term PCI.  Did you invent it?  Do you have a full 
definition?

 - Carl


At 03:26 PM 6/28/98 -0700, Lynn.Wheeler@firstdata.com wrote:
>also note that for the most part ... the x.509 genre are about
>public certificate infrastructures (i.e. PCIs) ... effectively the ability to
>represent the binding between public-key and some attribute
>for use by otherwise anonymous relying parties with no prior business
>relationships.
>
>there are a lot of infrastructures that can represent public key
>binding and attributes ... i.e. PKIs w/o having to be PCIs ...
>an example is account-based electronic commerce
>financial transactions (pay with credit, debit, check, ach,
>bank, etc) ... where there is a relationship with a financial
>institution ... and the financial institution is responsible for
>the funds transfer/payment. for related info see
>http://www.garlic.com/~lynn/
>
>for transactions where near real-time status
>is required ... (which has given rise to things like OCSP)
>.... questions are raised like are the certificates redundant?
> (especially if an "authority" is going to be contacted in any case).
>This becomes doubly evident in financial transactions ... where
>the financial institution may have to be contacted for execution
>of the actual transaction.
>
>
>



From: Lynn.Wheeler@firstdata.com
To: Carl Ellison <cme@cybercash.com>
cc: Judie Mulholland <judiemul@kc-inc.net>, DoWneR@mail.dma.be, spki@c2.net
Date: Mon, 29 Jun 1998 07:49:40 -0700
Subject: Re: Final Year Thesis : SPKI

i just noticed it as the letters were flowing off my fingers ...
(lower-case)
public key infrastructure is where half of asymmetric key pair is made
available publicly via some mechanism (i.e. directory, word-of-mouth).

I would consider x.509 more appropriately named a public certificate
infrastructure ... since it is a particular mechanism for making knowledge/use
of public key widely available (of course word semantics can be ignored and things
can be named by arbitrary combination of words).

In any case, PCI is a particular mechanism for making public key information
available using certificates.

I was particularly thinking about the use of public key in account-based
financial systems where timely knowledge of public/private key state
is needed for financial transactions. In such environments requiring
near real-time status ... an associated certificate (manufactured at some
point in the past) seems to be extraneous (since the registration authority
has to be contacted in any case; the whole point of the certificate seeming
to be the elimination of any such check per transaction).

OCSP seems to be providing knowledge about 2nd order effects ... what
really is of interest (for financial transaction) is timely knowledge about
the publickey/attribute binding status .... translating that into providing
status on manufactured certificates introduces secondary effects
concerning the manufacturing process (which can represent
unacceptable systemic risks in large account-based financial
infrastructures).
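
The argument in the message above, as an added example that is not part of the original thread: a certificate manufactured in the past still verifies offline after the key binding has been revoked, while a per-transaction lookup in the account record needs no certificate at all. The `Cert` and `Registry` types, the account names and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a constructed stand-in: an issuer-signed key/account binding made in the past.
type Cert struct {
	Account string
	Key     ed25519.PublicKey
	Sig     []byte // issuer signature over certBody(Account, Key)
}

// Registry is the institution's account record: current key and its status.
type Registry struct {
	keys    map[string]ed25519.PublicKey
	revoked map[string]bool
}
func certBody(acct string, k ed25519.PublicKey) []byte { return append([]byte(acct+"|"), k...) }

// VerifyOffline relies on the certificate alone, with no per-transaction check.
func VerifyOffline(issuer ed25519.PublicKey, c Cert, msg, sig []byte) error {
	if !ed25519.Verify(issuer, certBody(c.Account, c.Key), c.Sig) || !ed25519.Verify(c.Key, msg, sig) {
		return errors.New("certificate or signature invalid")
	}
	return nil
}

// VerifyOnline consults only the account record; no certificate is involved.
func (r *Registry) VerifyOnline(acct string, msg, sig []byte) error {
	if k, ok := r.keys[acct]; !ok || r.revoked[acct] || !ed25519.Verify(k, msg, sig) {
		return errors.New("binding not current or signature invalid")
	}
	return nil
}

// Demo signs a payment after the key was reported compromised at the registry.
func Demo() (offline, online error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	pub, priv, _ := ed25519.GenerateKey(nil)
	cert := Cert{"acct-1001", pub, ed25519.Sign(issuerPriv, certBody("acct-1001", pub))}
	reg := &Registry{map[string]ed25519.PublicKey{"acct-1001": pub}, map[string]bool{"acct-1001": true}}
	msg := []byte("pay 100 to acct-2002") // constructed sample transaction
	sig := ed25519.Sign(priv, msg)
	return VerifyOffline(issuerPub, cert, msg, sig), reg.VerifyOnline("acct-1001", msg, sig)
}

func main() { fmt.Println(Demo()) }
```

The offline check returns no error for the stale certificate, and the registry lookup rejects the same transaction.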