[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

To: Tony Bartoletti <azb@llnl.gov>
Subject: Re: X.509 ACs vs. SPKI?
From: nisse@lysator.liu.se (Niels Möller)
Date: 26 May 1999 23:00:30 +0200
Cc: Ed Gerck <egerck@laser.cps.softex.br>, spki@c2.net
In-Reply-To: Tony Bartoletti's message of "Wed, 26 May 1999 10:26:09 -0700"
References: <3.0.3.32.19990526102609.00ad5690@poptop.llnl.gov>
Sender: owner-spki@c2.net

Tony Bartoletti <azb@llnl.gov> writes:

> In the (exceptional?) case where two identical public keys are generated
> independently, and both happen to attempt access to the same resource,
> then the hash of the entire cert is a must for uniqueness.

I don't quite get it. I assume that by "generation" you mean
generation of a key_pair_? (As generating a public key without the
corresponding private key is pretty useless; no system will grant you
any access with the public part alone).

But to "happen" to independently regenerate somebody elses _private_
key is hard, as its equivalent to successfully breaking the public
key, by guessing. And if you somehow manage to generate/guess the
other person's key, we have some vastly more serious problems than
non-uniqueness of identifiers.

And the usual procedure is to consider that possiblity as small enough
to be safely neglected.

Or am I missing something?

Regards,
/Niels

Follow-Ups:

Re: X.509 ACs vs. SPKI?

From: Tony Bartoletti <azb@llnl.gov>

References:

Re: X.509 ACs vs. SPKI?

From: Tony Bartoletti <azb@llnl.gov>

Prev by Date: Re: X.509 ACs vs. SPKI?
Next by Date: Re: X.509 ACs vs. SPKI?
Prev by thread: Re: X.509 ACs vs. SPKI?
Next by thread: Re: X.509 ACs vs. SPKI?
Index(es):
- Main
- Thread