
RE: Where is Carl M. Ellison?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gunther,

	you found me.  I don't know which addresses failed for you, but I'd
like to hear about that.  It suggests that my ISPs might be flaky.  All the
addresses in the To: line work for me.

	clark.net seems to be down at the moment -- or recovering from a
crash -- so my home page isn't available.  When it's back up, the paper you
want is at
http://www.pobox.com/~cme/usenix.html
The bibliographic reference is:
Ellison, Carl, "Establishing Identity Without Certification Authorities",
6th USENIX Security Symposium, July 1996.

	SPKI is alive and well.  I'm here at Intel working on our
implementation and use of it -- and of authorization in general, no matter
what certificate mix people provide.  I'll be happy to point people at
details about that solution set.

	There are 4 drafts defining SPKI.  The first two (requirements and
theory) are ready to be moved over to RFC, in my opinion, but that takes
action by Steve Bellovin and Perry Metzger.  The structure draft is one I'm
revising -- much too slowly for my desires, thanks to all the work I'm doing
here at Intel -- but that will be available shortly for voting to RFC.

	Meanwhile, there are a number of implementations based on the drafts
and a handful of applications using them.

	As for SPKI vs. PKIX -- we're addressing different topics.  PKIX is
building support for identity certificates provided by CAs external to the
user (typically a commercial entity or a corporate CA center).  SPKI deals
with direct authorization of keys and personal ID certs (via SDSI), not with
central commercial CA support.  I personally believe the SPKI approach is
superior, of course, but we'll discover that as the years go by.

[Ob plug]: as part of the CDSA effort, through the OpenGroup, we have
defined an authorization computation mechanism (as detailed in the theory
document as 5-tuple reduction) which operates on certificates of all forms,
not just SPKI.  We have also defined support for certificates of the various
X.509 flavors, SPKI/SDSI, and PGP.  The objective of that effort is to give
the implementer a choice of format, so that he can select the one that best
fits his needs, but still allow him to do the full authorization computation
as detailed in the SPKI documents.  As I said, I believe the SPKI format
meets these needs the best (most securely by a large factor, most simply and
most directly) -- but we'll see what developers decide.

 - Carl


- -----Original Message-----
From: Gunther Schadow [mailto:schadow@aurora.rg.iupui.edu]
Sent: Thursday, March 11, 1999 8:32 AM
To: carl.m.ellison@intel.com; cme@alum.mit.edu; cme@jf.intel.com
Cc: blampson@microsoft.com; bt0008@entropy.sbc.com; frantz@netcom.com;
perry@piermont.com; smb@research.att.com; spki@c2.net; ylo@ssh.fi
Subject: Where is Carl M. Ellison?


Hi,

I am looking for Carl M. Ellison. I have a couple of questions. I have
read some of his stuff on identity certificates and I like it.  Now I
am writing an article and I need bibliographic references. Especially
I would like to cite the paper "Establishing Identity Without
Certification Authorities".  Most of his older e-mail addresses and
none of his web site HREFs seem to have ceased work. Let's hope I can
find him out there.

As for a related issue: I like the general thrust of SPKI but I have
heard sad news that the PKI might possibly succeed and SPKI might get
lost. What are your hopes that keep you working on SPKI?

regards
- -Gunther

Gunther Schadow -----------------------------------
http://aurora.rg.iupui.edu
Regenstrief Institute for Health Care
1001 W 10th Street RG5, Indianapolis IN 46202, Phone: (317) 630 7960
schadow@aurora.rg.iupui.edu ---------------------- #include <usual/disclaimer>

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBNuf+v8xqBGb+WvJAEQLrLQCdFRXfI2NAY3Eb4kfCsXkX9xHOy/sAn0zw
ptxwRca7I71RQgYKCU6klAz2
=OzaT
-----END PGP SIGNATURE-----