[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
KeyNote draft available
We have just released a new internet draft describing KeyNote, a trust
management system designed to support PKI applications. KeyNote is
based on PolicyMaker, with simplfied features optimized specifically
for the PKI problem. We believe KeyNote provides a simple mechanism
that addresses many of the issues of concern to the SPKI group. We'll
be presenting KeyNote in L.A.
The draft should be available from the usual channels shortly. In the
meantime, you can grab a copy from:
I've included the draft abstract and introduction below.
SPKI Working Group Matt Blaze
Internet Draft Joan Feigenbaum
expires in six months Angelos D. Keromytis
The KeyNote Trust Management System
This memo describes KeyNote, a simple trust management system to
support public-key infrastructure. It outlines the syntax and
semantics of keynote credentials, describes action environment
processing, and describes the application architecture into which a
KeyNote implementation would fit.
This memo describes KeyNote, a simple trust management system for
public key infrastructures. Trust management, introduced in the
PolicyMaker system [cite BFL96], is a unified approach for
specifying and interpreting security policies, credentials, and
relationships that allows direct authorization of security-critical
actions. In particular, a trust management system combines the
notion of specifying security policy with the mechanism for
specifying security credentials (subsuming the role of
"certificates"). Credentials describe a specific delegation of
trust among public keys; unlike traditional certificates, which
bind keys to names, trust management credentials bind keys to the
authorization to perform specific tasks.
KeyNote provides a simple notation for specifying both local
security policies and security credentials that can be sent over an
untrusted network. Policies and credentials, called "assertions,"
contain predicates that describe the trusted actions permitted by
the holders of specific public keys. A signed assertion that can
be sent over an untrusted network is called a Credential
Assertions. Credential assertions, which serve the role of
"certificates", have the same syntax as policy assertions with the
additional feature that they are signed by the entity delegating
the trust. A KeyNote evaluator accepts as input a set of local
policy assertions, a collection of credential assertions, and a
collection of attributes, called an "action environment," that
describes a proposed trusted action associated with a set of public
keys. KeyNote determines whether proposed actions are consistent
with local policy by applying the assertion predicates against the
Although the basic design of KeyNote is similar in spirit to that of
PolicyMaker, KeyNote's features have been simplified to more directly
support public-key infrastructure-like applications. The central
differences between PolicyMaker and KeyNote are:
- KeyNote predicates are written in a simple notation based on
C-like expressions and regular expressions.
- The KeyNote system always returns a boolean (trusted or not)
- Credential signature verification is built in to the
- Assertion syntax is based on a human-readable
- Trusted actions are described by simple attribute/value pairs.