[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: k-of-n subjects versus k-of-n tags?


At 04:38 PM 1/23/98 -0800, Curtis Yarvin wrote:
>> Is there a really strong reason name certs should be so different from auth
>> certs?  Naming in the SPKI model seems to be just a form of authorization
>> anyway (authorization to be referred to under a given name in my
>> namespace).
>I had always thought of this as one of the fundamental distinctions
>between the SPKI keyholder-centric world and the PKIX human-centric
>world.  A PKIX-world certificate says:
>	"The person with name X has public key Y."
>whereas an SPKI-world certificate with equivalent data would be saying:
>	"Keyholder Y is authorized to use the name X."
>Please correct me if this is a novice impression.


	I would disagree on a couple of small points, but in general I think you 
are getting the idea.

	The first small point is that PKIX is not human-centric.  It is 
name-centric.  The idea is incorrect that a name (e.g., an X.509 
Distinguished Name) is an acceptable identifier of a person and can therefore 
be used where you intend to reference a person.  Of course, that's the idea 
that much of X.509 is based on -- but it's wrong.  Names are not acceptable 
identifiers of people -- not in large cities or on the net.

	I believe both X.509 and SPKI try to be human-centric.  The question is how 
you identify that human.  X.509 followed the belief that a name identifies a 
person.  SPKI uses a public key as an identifier of a person: specifically 
of the person who controls the associated private key.  That information may 
not be meaningful to you, but then knowing that someone's family name is Kim 
and that he lives in Seoul So. Korea is probably not meaningful to you 
either.  Either way you need to learn something else about the keyholder --
something that actually means something to you for your application.

	The main thing that separated SPKI from X.509 is that the original X.509 
stopped with the establishment of a name for a key, as if that's all one 
needed to know.  [That *is* all you need to know, if you're in a small town, 
a family, a small school, or other small community.]  With SPKI, we asked 
not "who is associated with that key?" but rather "what is that keyholder 
allowed to do?".  So, we bind authorizations to keys -- not names.

	OTOH, names are important to us.  They are the mechanisms we use to 
identify our friends when we think about them.  Each of us has a name space, 
in our own heads, labeling a body of memories and facts which is the true 
identity of a person, as far as we are concerned.  So, we use these 
personal names for people as identities.  We need to do that.  SDSI names 
give us that ability -- using the only names for people that are meaningful 
to us: our own names for them.

	So, starting with the idea that names don't work, we came back to the idea 
that we need names.  The difference was that X.500 proposed global names and 
it's the global name, assigned by the X.500 process, that makes the names 
useless.  We humans will create our own local names, no matter what anyone 
else decides -- and those are the names we need to support.  Those are the 
names we do support.

 - Carl

Version: PGP for Personal Privacy 5.5.3


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |