[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

To: Stephen Kent <kent@bbn.com>, "Aram Perez" <aram@apple.com>
Subject: Re: X.509 ACs vs. SPKI?
From: Tony Bartoletti <azb@llnl.gov>
Date: Fri, 28 May 1999 13:20:24 -0700
Cc: ietf-pkix@imc.org, spki@c2.net
In-Reply-To: <v04020a06b3749afb60ae@[128.89.0.110]>
References: <199905281831.LAA15698@scv1.apple.com>
Sender: owner-spki@c2.net

At 03:24 PM 5/28/99 -0400, Stephen Kent wrote:
>
>No, the seacrching problem I refer to is due to the use of ANY hash as an ID.
>
>Steve

Slight digress from single/multiple hash algorithm support (I tend to agree
with Steve - a fixed algorithm seems destined for trouble...)

I have always been a bit puzzled by the position that indexing by hash value
is a "problem".  Technically, it seems simple to structure/index an efficient
tree (order log n) search by hash value.  Previous discussions reveal perhaps
that the culprit is distributed DB/Directory management:  Its easy to say
that a given party controls the "OU=xxx" branch of the space, whereas division
of the tree by arbitrary numeric values does not lend itself to this kind of
delegated management.

However, the DN-based tree structure seems (unfortunately) to lend itself all
to easily to "trolling".  (Let's see what lies in the C=X, OU=Y,... area.)

Comments?

___tony___

Tony Bartoletti                                             LL
Center for Information Operations and Assurance          LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 303                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8002               LL LLLLLLLL
email: azb@llnl.gov                                   LLLLLLLL

Prev by Date: Re: X.509 ACs vs. SPKI?
Next by Date: Re: X.509 ACs vs. SPKI?
Prev by thread: Re: X.509 ACs vs. SPKI?
Next by thread: Re: X.509 ACs vs. SPKI?
Index(es):
- Main
- Thread