[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-CARM] PKI, CAs, TTPs &c.

I believe the time for this discussion has passed...


David P. Kemp writes:
> X.509's thesis is that principals have an existence separate from, and
> extending beyond the lifetime of, any cryptographic keys they may use.
> And that if one is providing security to an existing practice, one
> should use "names" from the domain of that practice.  X.509 defines
> nine different name forms (including RFC822Name, EDIPartyName, and
> IPAddress), and the list can be extended if necessary.
> SPKI's thesis, that the key is (the Unique Identifier of) the
> prinicipal, is simply backwards.  It focuses on the security mechanism
> itself, instead of the practice which is being protected.  And it
> causes unnecessary problems when keys are changed.