[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KeyNote draft available

To: mab@research.att.com, spki@c2.net
Subject: Re: KeyNote draft available
From: Hal Finney <hal@rain.org>
Date: Fri, 13 Mar 1998 22:20:47 -0800
Cc: angelos@dsl.cis.upenn.edu, jf@research.att.com, mab@crypto.com
Sender: owner-spki@c2.net

One other point - it appears that all authorizations can be delegated
indefinitely, right?  If one key grants an authority to a second, the
second key can pass the authority on to a third in any way it likes?

In the CA example, KeyNote accepts:

        $action_signer = "dsa-sha1-pkcsX:6:01a32f"
        $app_domain = "RFC822-EMAIL"
        $address="mab@keynote.research.att.com"
        $name="M. Blaze"

but if there were an additional credential:

        VERSION: 1
        SIGNER: dsa-sha1-pkcsX:6:01a32f
        KEY-PREDICATE: rsa-sha1-pkcsX:6:112233
        TRUST-PREDICATE: true
        SIGNATURE: dsa-sha1-pkcsX:10:f43a2c81ffea129d

this would allow key 01a32f to pass its authority on to key 112233.

So KeyNote would then also accept:

        $action_signer = "rsa-sha1-pkcsX:6:112233"
        $app_domain = "RFC822-EMAIL"
        $address="mab@keynote.research.att.com"
        $name="M. Blaze"

and the end user has the power to bind his name to alternate keys?

In some contexts this may be permissible and appropriate, but perhaps
not in others, if the end users are not trusted.

Perhaps it would be the application's responsibility to make sure that
it only provides appropriate credentials, and in this case it should
not have provided that last one?

Hal

Follow-Ups:

Re: KeyNote draft available

From: Matt Blaze <mab@research.att.com>

Re: KeyNote draft available

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: KeyNote draft available
Next by Date: Re: KeyNote draft available
Prev by thread: Re: KeyNote draft available
Next by thread: Re: KeyNote draft available
Index(es):
- Main
- Thread