[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: X.509 ACs vs. SPKI?
"Ellison, Carl M" wrote:
> ... for secure binding,
> the hash of the public key is a fine globally unique identifier and an
> unanchored text name is wide open to abuse.
I disagree. The hash of the public-key is also open to abuse since it
does not securely include that key's validity date, does not include an
originally secure reference to a valid revocation mechanism linked to
the identity certificate from whence that public-key came and cannot
contain other warranties or insurance by extension from the identity
certificate itself. Please see my former e-mail.
However, I agree if one uses the whole identity certificate hash -- not
the public-key hash. This was also discussed in my former e-mail.
Cheers,
Ed Gerck
Follow-Ups: