
RE: Where is Carl M. Ellison?

	you found me.  I don't know which addresses failed for you, but I'd like
to hear about that.  It suggests that my ISPs might be flaky.  All the
addresses in the To: line work for me.

	clark.net seems to be down at the moment -- or recovering from a crash --
so my home page isn't available.  When it's back up, the paper you want is at
The bibliographic reference is:
Ellison, Carl, "Establishing Identity Without Certification Authorities",
USENIX Security Symposium, July 1996.

	SPKI is alive and well.  I'm here at Intel working on our implementation
and use of it -- and of authorization in general, no matter what certificate
mix people provide.  I'll be happy to point people at details about that

	There are 4 drafts defining SPKI.  The first two (requirements and theory)
are ready to be moved over to RFC, in my opinion, but that takes action by
Steve Bellovin and Perry Metzger.  The structure draft is one I'm revising --
much too slowly for my desires, thanks to all the work I'm doing here at
Intel -- but that will be available shortly for voting to RFC.

	Meanwhile, there are a number of implementations based on the drafts and a
handful of applications using them.

	As for SPKI vs. PKIX -- we're addressing different topics.  PKIX is
support for identity certificates provided by CAs external to the user
(typically a commercial entity or a corporate CA center).  SPKI deals with
direct authorization of keys and personal ID certs (via SDSI), not with
commercial CA support.  I personally believe the SPKI approach is superior,
of course, but we'll discover that as the years go by.

[Ob plug]: as part of the CDSA effort, through the OpenGroup, we have defined
an authorization computation mechanism (as detailed in the theory document as
5-tuple reduction) which operates on certificates of all forms, not just
We have also defined support for certificates of the various X.509 flavors,
SPKI/SDSI, and PGP.  The objective of that effort is to give the implementer
a choice of format, so that he can select the one that best fits his needs,
and still allow him to do the full authorization computation as detailed in
the documents.  As I said, I believe the SPKI format meets these needs the
best (most securely by a large factor, most simply and most directly) -- but
we'll see what developers decide.

 - Carl

-----Original Message-----
From: Gunther Schadow [mailto:schadow@aurora.rg.iupui.edu]
Sent: Thursday, March 11, 1999 8:32 AM
To: carl.m.ellison@intel.com; cme@alum.mit.edu; cme@jf.intel.com
Cc: blampson@microsoft.com; bt0008@entropy.sbc.com; frantz@netcom.com;
perry@piermont.com; smb@research.att.com; spki@c2.net; ylo@ssh.fi
Subject: Where is Carl M. Ellison?


I am looking for Carl M. Ellison. I have a couple of questions. I have
read some of his stuff on identity certificates and I like it.  Now I
am writing an article and I need bibliographic references. Especially
I would like to cite the paper "Establishing Identity Without
Certification Authorities".  Most of his older e-mail addresses and
none of his web site HREFs seems to have ceased work. Let's hope I can
find you him out there.

As for a related issue: I like the general thrust of SPKI but I have
heard sad news that the PKI might possibly succeed and SPKI might get
lost. What are your hopes that keep you working on SPKI?

-Gunther

Gunther Schadow -----------------------------------
Regenstrief Institute for Health Care
1001 W 10th Street RG5, Indianapolis IN 46202, Phone: (317) 630 7960
schadow@aurora.rg.iupui.edu ---------------------- #include