[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Where is Carl M. Ellison?


thank you. The e-mail problems existed with acm.org and some earlier
address starting with "sw.???.com". They didn't know the user "cme".
What made me so anxious is that all HREFs I have for you (including
pobox) redirect to http://www.clark.net/pub/cme but that pub/cme
directory is unknown there. Moreover, if I get to the root of
www.clark.net, I am redirected to http://midatlantic.verio.net/ and
nothing seems to know you there. That's weird, isn't it? I can not
confirm your observation that any of the hosts involved is actually
down. They just don't know pub/cme or redirect into desert.

Thanks for the biblio reference.

> 	SPKI is alive and well.  I'm here at Intel working on our
> implementation and use of it -- and of authorization in general, no
> matter what certificate mix people provide.  I'll be happy to point
> people at details about that solution set.

> 	Meanwhile, there are a number of implementations based on the
> drafts and a handful of applications using them.

such as?

> 	As for SPKI vs. PKIX -- we're addressing different topics.
> PKIX is building support for identity certificates provided by CAs
> external to the user (typically a commercial entity or a corporate
> CA center).  SPKI deals with direct authorization of keys and
> personal ID certs (via SDSI), not with central commercial CA
> support.  I personally believe the SPKI approach is superior, of
> course, but we'll discover that as the years go by.

is it a reasonable strategy for a small self-developing user
organization to invest in both PKIX and SPKI? It seems to me that
there is nothing protocol-wise that PKIX can do and SPKI can not do.

> [Ob plug]: as part of the CDSA effort, through the OpenGroup, we
> have defined an authorization computation mechanism (as detailed in
> the theory document as 5-tuple reduction) which operates on
> certificates of all forms, not just SPKI.  We have also defined
> support for certificates of the various X.509 flavors, SPKI/SDSI,
> and PGP.  The objective of that effort is to give the implementer a
> choice of format, so that he can select the one that best fits his
> needs, but still allow him to do the full authorization computation
> as detailed in the SPKI documents.  As I said, I believe the SPKI
> format meets these needs the best (most securely by a large factor,
> most simply and most directly) -- but we'll see what developers
> decide.

Thanks, that answers most of my questions.


Gunther Schadow ----------------------------------- http://aurora.rg.iupui.edu
Regenstrief Institute for Health Care
1001 W 10th Street RG5, Indianapolis IN 46202, Phone: (317) 630 7960
schadow@aurora.rg.iupui.edu ---------------------- #include <usual/disclaimer>