[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

Tony Bartoletti <azb@llnl.gov> writes:

> In the (exceptional?) case where two identical public keys are generated
> independently, and both happen to attempt access to the same resource,
> then the hash of the entire cert is a must for uniqueness.

I don't quite get it. I assume that by "generation" you mean
generation of a key_pair_? (As generating a public key without the
corresponding private key is pretty useless; no system will grant you
any access with the public part alone).

But to "happen" to independently regenerate somebody elses _private_
key is hard, as its equivalent to successfully breaking the public
key, by guessing. And if you somehow manage to generate/guess the
other person's key, we have some vastly more serious problems than
non-uniqueness of identifiers.

And the usual procedure is to consider that possiblity as small enough
to be safely neglected.

Or am I missing something?


Follow-Ups: References: