Re: X.509 ACs vs. SPKI?
Tony Bartoletti <azb@llnl.gov> writes:
> In the (exceptional?) case where two identical public keys are generated
> independently, and both happen to attempt access to the same resource,
> then the hash of the entire cert is a must for uniqueness.
I don't quite get it. I assume that by "generation" you mean
generation of a key _pair_? (As generating a public key without the
corresponding private key is pretty useless; no system will grant you
any access with the public part alone).

But to "happen" to independently regenerate somebody else's _private_
key is hard, as it's equivalent to successfully breaking the public
key, by guessing. And if you somehow manage to generate/guess the
other person's key, we have some vastly more serious problems than
non-uniqueness of identifiers.

And the usual procedure is to consider that possibility as small enough
to be safely neglected.

Or am I missing something?
Regards,
/Niels