[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

KeyNote draft available

We have just released a new internet draft describing KeyNote, a trust
management system designed to support PKI applications.  KeyNote is
based on PolicyMaker, with simplfied features optimized specifically
for the PKI problem.  We believe KeyNote provides a simple mechanism
that addresses many of the issues of concern to the SPKI group.  We'll
be presenting KeyNote in L.A.

The draft should be available from the usual channels shortly.  In the
meantime, you can grab a copy from:


I've included the draft abstract and introduction below.


SPKI Working Group                                            Matt Blaze
Internet Draft                                           Joan Feigenbaum
expires in six months                               Angelos D. Keromytis
                                                              March 1998

                 The KeyNote Trust Management System 
                draft-angelos-spki-keynote-00.txt (A)                 


   This memo describes KeyNote, a simple trust management system to
   support public-key infrastructure. It outlines the syntax and
   semantics of keynote credentials, describes action environment
   processing, and describes the application architecture into which a
   KeyNote implementation would fit.

1.  Introduction

   This memo describes KeyNote, a simple trust management system for
   public key infrastructures.  Trust management, introduced in the
   PolicyMaker system [cite BFL96], is a unified approach for
   specifying and interpreting security policies, credentials, and
   relationships that allows direct authorization of security-critical
   actions.  In particular, a trust management system combines the
   notion of specifying security policy with the mechanism for
   specifying security credentials (subsuming the role of
   "certificates").  Credentials describe a specific delegation of
   trust among public keys; unlike traditional certificates, which
   bind keys to names, trust management credentials bind keys to the
   authorization to perform specific tasks.

   KeyNote provides a simple notation for specifying both local
   security policies and security credentials that can be sent over an
   untrusted network.  Policies and credentials, called "assertions,"
   contain predicates that describe the trusted actions permitted by
   the holders of specific public keys.  A signed assertion that can
   be sent over an untrusted network is called a Credential
   Assertions.  Credential assertions, which serve the role of
   "certificates", have the same syntax as policy assertions with the
   additional feature that they are signed by the entity delegating
   the trust.  A KeyNote evaluator accepts as input a set of local
   policy assertions, a collection of credential assertions, and a
   collection of attributes, called an "action environment," that
   describes a proposed trusted action associated with a set of public
   keys.  KeyNote determines whether proposed actions are consistent
   with local policy by applying the assertion predicates against the
   action environment.

   Although the basic design of KeyNote is similar in spirit to that of
   PolicyMaker, KeyNote's features have been simplified to more directly
   support public-key infrastructure-like applications.  The central
   differences between PolicyMaker and KeyNote are:
        - KeyNote predicates are written in a simple notation based on
          C-like expressions and regular expressions.
        - The KeyNote system always returns a boolean (trusted or not)
        - Credential signature verification is built in to the
          KeyNote system.
        - Assertion syntax is based on a human-readable
          "RFC-822"-style syntax.
        - Trusted actions are described by simple attribute/value pairs.