[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: re. name cert meaning
> At 01:46 PM 1/25/98 -0700, Bryan Ford wrote:
> >Basically, as Curtis said, a name cert is really just a statement
> >that "principal Y is hereby authorized to use name X in my namespace."
> to nit pick:
> I believe the SDSI name is better defined as "X is a label by which I (the
> issuer) refer to principal Y (or some set of principals $Y_i$)".
These may be two different things.
When I said that, I was talking about X.509 naming, not SDSI
naming. Obviously, Carl's definition of SDSI naming is
correct, but X.509 has a different property: it refers to
names that have fixed meaning in the physical world.
An SDSI name seems to me more like a pointer, a way of
describing a keyholder or keyholder set that is more
convenient than directly including a public key. Having a
certain SDSI name is not a privilege in and of itself.
Being able to claim that you are the person referred to by
an X.509 name is.
It's angels on a pin, of course, but it seemed worth saying.