
KeyNote draft available



Matt Blaze writes:
 > We have just released a new internet draft describing KeyNote, a trust
 > management system designed to support PKI applications.  KeyNote is
 > based on PolicyMaker, with simplified features optimized specifically
 > for the PKI problem.  We believe KeyNote provides a simple mechanism
 > that addresses many of the issues of concern to the SPKI group.  We'll
 > be presenting KeyNote in L.A.
 >

I think this document has serious flaws and should be recalled.

When KeyNote considers delegation of trust and its management it
follows the earlier model of "Decentralized Trust Management" -- which
ignores the properties of trust (cf
http://www.mcg.org.br/trustprop.txt) and instead follows an ad hoc
concept of "trust" and its properties. Such a concept, which has little
to do with the meaning that the word trust would have in a linguistic
or social context, is not self-consistent either.

In particular, the notion of delegation of trust is flawed, as
evidenced by the following paragraph:


     The TRUST-PREDICATE expression is evaluated.  If the result is
     boolean TRUE, and the key expression in the KEY-PREDICATE 
     field is also true, the request is approved.  Otherwise, it is 
     rejected.

which highlights the use of boolean expressions to evaluate
TRUST-PREDICATE... however, trust does NOT follow a boolean algebra,
as is well known in certificate and security applications (see also
the reference given above).

Further, when the document says:

 TRUST-PREDICATE: (($app_domain="NUKE") &&
                          ($action="launch") &&
                          ($delivery_system="missile") &&
                          (($target="moscow") || ($target="london")))

then we see that what the document calls "trust-predicate" has little
to do with what one would call a predicate of trust in any meaningful
way.

Thus, the document is misleading in its use of the word trust and
should either be changed throughout so that "trust" reads
authorization (for example), with the other logical problems
corrected, or should not be submitted to the IETF. In any case, it
should be recalled as it is.

Cheers,

Ed 
______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
    --- Visit the Meta-Certificate Group at http://mcg.org.br ---
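The following is an added illustration and is not part of Gerck's message, nor code from the KeyNote draft or its authors. It evaluates a predicate written in the notation of the fragment quoted above against the attributes of a request, and applies the draft's two-part rule (predicate true AND key check true => approved, otherwise rejected). The grammar is inferred from that one quoted fragment only (parentheses, `$name="literal"`, `&&`, `||`); the KEY-PREDICATE part is modelled as membership in a hypothetical set `AUTHORIZED_KEYS`, and an attribute absent from the request is assumed to compare unequal to any literal. All of these are assumptions for the example, not statements about the draft.

```python
"""Evaluate a KeyNote-style TRUST-PREDICATE over request attributes.

Added example; the predicate grammar is inferred from the single fragment
quoted in the post and is NOT a KeyNote parser.
"""
import re

# One regex matches one token at a time: an operator, a $variable, or a
# "quoted" string, each after optional whitespace (newlines included).
_TOKEN_RE = re.compile(
    r'\s*(?:(\(|\)|&&|\|\||=)|\$([A-Za-z_][A-Za-z0-9_]*)|"([^"]*)")'
)


def tokenize(text):
    """Split predicate text into ('op'|'var'|'str', value) tokens."""
    tokens, pos = [], 0
    while pos < len(text):
        m = _TOKEN_RE.match(text, pos)
        if not m:
            if text[pos:].strip() == "":   # only trailing whitespace left
                break
            raise ValueError(f"unexpected input at {pos}: {text[pos:pos + 10]!r}")
        pos = m.end()
        if m.group(1) is not None:
            tokens.append(("op", m.group(1)))
        elif m.group(2) is not None:
            tokens.append(("var", m.group(2)))
        else:
            tokens.append(("str", m.group(3)))
    return tokens


class Parser:
    """Recursive descent:  expr := term ('||' term)*
                            term := factor ('&&' factor)*
                            factor := '(' expr ')' | $NAME = "STRING"   """

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)

    def take(self, kind, value=None):
        k, v = self.peek()
        if k != kind or (value is not None and v != value):
            raise ValueError(f"expected {kind} {value!r}, got {k} {v!r}")
        self.i += 1
        return v

    def parse(self):
        node = self.expr()
        if self.i != len(self.toks):
            raise ValueError("trailing tokens after predicate")
        return node

    def expr(self):
        node = self.term()
        while self.peek() == ("op", "||"):
            self.i += 1
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() == ("op", "&&"):
            self.i += 1
            node = ("and", node, self.factor())
        return node

    def factor(self):
        if self.peek() == ("op", "("):
            self.i += 1
            node = self.expr()
            self.take("op", ")")
            return node
        name = self.take("var")
        self.take("op", "=")
        return ("eq", name, self.take("str"))


def evaluate(node, env):
    """Boolean evaluation; a missing attribute never equals a literal (assumption)."""
    kind = node[0]
    if kind == "eq":
        return env.get(node[1]) == node[2]
    if kind == "and":
        return evaluate(node[1], env) and evaluate(node[2], env)
    return evaluate(node[1], env) or evaluate(node[2], env)


# The predicate quoted in the post, verbatim.
TRUST_PREDICATE = '''(($app_domain="NUKE") &&
                     ($action="launch") &&
                     ($delivery_system="missile") &&
                     (($target="moscow") || ($target="london")))'''

# Hypothetical stand-in for the KEY-PREDICATE: keys allowed to make requests.
AUTHORIZED_KEYS = {"key-A", "key-B"}


def decide(predicate_text, requester_key, attributes, authorized_keys=AUTHORIZED_KEYS):
    """Apply the draft's rule: approve only if predicate AND key check hold."""
    ast = Parser(tokenize(predicate_text)).parse()
    if evaluate(ast, attributes) and requester_key in authorized_keys:
        return "approved"
    return "rejected"


if __name__ == "__main__":
    # Constructed sample request: every attribute matches, key is authorized.
    req = {"app_domain": "NUKE", "action": "launch",
           "delivery_system": "missile", "target": "london"}
    print(decide(TRUST_PREDICATE, "key-A", req))
```

Run as written, the block evaluates the sample request; changing `target` to any value other than the two literals, dropping an attribute, or presenting a key outside `AUTHORIZED_KEYS` flips the outcome to `rejected`. Note that every outcome is exactly one of two values: the evaluator has no way to express a degree or a source of trust, which is the point the post makes about calling this a "trust" predicate.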
