[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modelling trust

To: Carl Ellison <cme@cybercash.com>
Subject: Re: Modelling trust
From: Tony Bartoletti <azb@llnl.gov>
Date: Fri, 06 Mar 1998 11:20:53 -0800
Cc: spki@c2.net
In-Reply-To: <3.0.3.32.19980305213923.00b0ae70@cybercash.com>
References: <3.0.3.32.19980305170159.00a27500@poptop.llnl.gov><199803051822.KAA13011@gateway-ext.StructuredArts.COM>

Carl,

I do believe SPKI can support a global solution, where employed within a
suitable set of practices and interrelations.  I do agree also that any
global directory is a serious security concern and point-of-failure.

I was actually afraid of being beaten up for implying an invitation to
further the "trust modeling" discussion on the SPKI list.  I think Ed
Gerck has some valid points and valuable debatables, but I don't know
of a forum where such academic/theoretic/philosophic discussions are
very long tolerated, at least among the three I noted.

___TONY___
 

At 09:39 PM 3/5/98 -0500, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 05:01 PM 3/5/98 -0800, Tony Bartoletti wrote:
>>SPKI (rather quiet of late) has already transitioned from theory to
>>implementation, but they may be the most receptive.  I say this because
>>the lightweight (some would say "inadequate") nature of their form for
>>supporting global PKI still leaves as an open question how this form
>>might be deployed and "ganged together" to support larger and varied
>>needs.  (I hope Carl Ellison and Perry Metzger don't beat me up;)
>
>OK, Tony, I'll beat you up. :)
>
>I think it's important to note that SPKI's lack of a global directory 
>structure (such as X.500), if that's what you're referring to, is purely 
>intentional.  That global directory structure is a source of security flaws.
>
> - Carl
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP for Personal Privacy 5.5.3
>
>iQCVAwUBNP9h2hN3Wx8QwqUtAQFCpwQAgfss2B1oTtYYIN5/DveqQ1H6WEm687gd
>/zVssnFi13G3lO3Y0BJgh//DVRUCzygKlzqmoYZNpvs7B5pwTrVrwiULbGU0jb9Z
>I1ewZtiEvqyIv8TsoO24tmoduoCBQVqRTT3GOAf5tzlQwW/ENm05Ia94/oeHecA/
>J1aSnXk7L48=
>=A6lL
>-----END PGP SIGNATURE-----
>
>
>+------------------------------------------------------------------+
>|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc.                      http://www.cybercash.com/    |
>|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
>|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
>+------------------------------------------------------------------+
>
>

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL

References:

Re: Modelling trust

From: Tony Bartoletti <azb@llnl.gov>

Re: Modelling trust

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: Modelling trust
Next by Date: Re: Modelling trust
Prev by thread: Re: Modelling trust
Next by thread: Re: Modelling trust
Index(es):
- Main
- Thread