[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: X.509 ACs vs. SPKI?
At 03:24 PM 5/28/99 -0400, Stephen Kent wrote:
>
>No, the seacrching problem I refer to is due to the use of ANY hash as an ID.
>
>Steve
Slight digress from single/multiple hash algorithm support (I tend to agree
with Steve - a fixed algorithm seems destined for trouble...)
I have always been a bit puzzled by the position that indexing by hash value
is a "problem". Technically, it seems simple to structure/index an efficient
tree (order log n) search by hash value. Previous discussions reveal perhaps
that the culprit is distributed DB/Directory management: Its easy to say
that a given party controls the "OU=xxx" branch of the space, whereas division
of the tree by arbitrary numeric values does not lend itself to this kind of
delegated management.
However, the DN-based tree structure seems (unfortunately) to lend itself all
to easily to "trolling". (Let's see what lies in the C=X, OU=Y,... area.)
Comments?
___tony___
Tony Bartoletti LL
Center for Information Operations and Assurance LL LL
Lawrence Livermore National Laboratory LL LL LL
PO Box 808, L - 303 LL LL LL
Livermore, CA 94551-9900 LL LL LLLLLLLL
phone: 925-422-3881 fax: 925-423-8002 LL LLLLLLLL
email: azb@llnl.gov LLLLLLLL