
Re: X.509 ACs vs. SPKI?




"Ellison, Carl M" wrote:

> ... for secure binding,
> the hash of the public key is a fine globally unique identifier and an
> unanchored text name is wide open to abuse.

I disagree. The hash of the public-key is also open to abuse since it
does not securely include that key's validity date, does not include an
originally secure reference to a valid revocation mechanism linked to
the identity certificate from whence that public-key came and cannot
contain other warranties or insurance by extension from the identity
certificate itself.  Please see my former e-mail.

However, I agree if one uses the whole identity certificate hash -- not
the public-key hash. This was also discussed in my former e-mail.

Cheers,

Ed Gerck
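
The distinction drawn in this message, as an added example that is not part of the original e-mail: it reports which certificate fields each kind of identifier actually binds. The record layout, field names, sample values and the choice of SHA-256 are all assumptions made for illustration; the record is a constructed stand-in, not real X.509 DER.

```python
import hashlib
import json

# Constructed stand-in for an identity certificate (not real X.509/DER).
# Every field name and value below is an illustrative assumption.
SAMPLE_CERT = {
    "subject": "CN=Example Subject",
    "public_key": "30820122300d06092a864886f70d01010105000382010f00",
    "not_before": "1999-01-01T00:00:00Z",
    "not_after": "2000-01-01T00:00:00Z",
    "crl_url": "http://ca.example/crl",
    "extensions": "warranty=placeholder",
}


def key_hash(cert):
    """Identifier computed over the public key bytes alone."""
    return hashlib.sha256(bytes.fromhex(cert["public_key"])).hexdigest()


def cert_hash(cert):
    """Identifier computed over a canonical encoding of every field."""
    encoded = json.dumps(cert, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def fields_bound(identifier, cert=SAMPLE_CERT):
    """Return the fields whose alteration changes the identifier."""
    baseline = identifier(cert)
    bound = set()
    for field, value in cert.items():
        altered = dict(cert)
        if field == "public_key":
            altered[field] = value[:-2] + "ff"  # flip last byte, stay valid hex
        else:
            altered[field] = value + "-altered"
        if identifier(altered) != baseline:
            bound.add(field)
    return bound


if __name__ == "__main__":
    print("key hash binds: ", sorted(fields_bound(key_hash)))
    print("cert hash binds:", sorted(fields_bound(cert_hash)))
```

A relying party that references the key hash cannot tell a reissued or expired certificate for the same key from the original; one that references the whole-certificate hash can.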
