Re: X.509 ACs vs. SPKI?
"Ellison, Carl M" wrote:
> ... for secure binding,
> the hash of the public key is a fine globally unique identifier and an
> unanchored text name is wide open to abuse.

I disagree. The hash of the public-key is also open to abuse since it
does not securely include that key's validity date, does not include an
originally secure reference to a valid revocation mechanism linked to
the identity certificate from whence that public-key came and cannot
contain other warranties or insurance by extension from the identity
certificate itself. Please see my former e-mail.

However, I agree if one uses the whole identity certificate hash -- not
the public-key hash. This was also discussed in my former e-mail.
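
Added example, not part of the original message: a Go program illustrating the distinction discussed in this exchange. It issues two self-signed certificates for one key with different expiry dates and CRL URLs, then hashes the public key alone and the whole certificate; the first hash is identical for both, the second differs. The subject name, dates, serial numbers and `crl.example.invalid` URLs are constructed sample values, and `issue` and `hashes` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue self-signs a certificate for key; subject, dates and CRL URL are constructed sample values.
func issue(key ed25519.PrivateKey, serial int64, expiryYear int, crlURL string) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: "example-subject"},
		NotBefore:             time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(expiryYear, 1, 1, 0, 0, 0, 0, time.UTC),
		CRLDistributionPoints: []string{crlURL},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// hashes returns SHA-256 over the SubjectPublicKeyInfo alone and over the whole DER certificate.
func hashes(c *x509.Certificate) (keyHash, certHash [32]byte) {
	return sha256.Sum256(c.RawSubjectPublicKeyInfo), sha256.Sum256(c.Raw)
}

func main() {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	oldKey, oldCert := hashes(issue(key, 1, 2025, "http://crl.example.invalid/a.crl"))
	newKey, newCert := hashes(issue(key, 2, 2030, "http://crl.example.invalid/b.crl"))
	fmt.Printf("key hash:         %x\n                  %x\n", oldKey, newKey)
	fmt.Printf("certificate hash: %x\n                  %x\n", oldCert, newCert)
}
```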