[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

At 03:24 PM 5/28/99 -0400, Stephen Kent wrote:
>No, the seacrching problem I refer to is due to the use of ANY hash as an ID.

Slight digress from single/multiple hash algorithm support (I tend to agree
with Steve - a fixed algorithm seems destined for trouble...)

I have always been a bit puzzled by the position that indexing by hash value
is a "problem".  Technically, it seems simple to structure/index an efficient
tree (order log n) search by hash value.  Previous discussions reveal perhaps
that the culprit is distributed DB/Directory management:  Its easy to say
that a given party controls the "OU=xxx" branch of the space, whereas division
of the tree by arbitrary numeric values does not lend itself to this kind of
delegated management.

However, the DN-based tree structure seems (unfortunately) to lend itself all
to easily to "trolling".  (Let's see what lies in the C=X, OU=Y,... area.)



Tony Bartoletti                                             LL
Center for Information Operations and Assurance          LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 303                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8002               LL LLLLLLLL
email: azb@llnl.gov                                   LLLLLLLL