[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

To: spki@c2.net
Subject: Re: X.509 ACs vs. SPKI?
From: Kent Crispin <kent@songbird.com>
Date: Tue, 1 Jun 1999 18:30:28 -0700
In-Reply-To: <375474D4.934D4AAA@laser.cps.softex.br>; from Ed Gerck on Tue, Jun 01, 1999 at 05:03:32PM -0700
Mail-Followup-To: spki@c2.net
References: <374B70BF.68E93E53@laser.cps.softex.br> <374D6677.291DB02A@acm.org> <375474D4.934D4AAA@laser.cps.softex.br>
Sender: owner-spki@c2.net

On Tue, Jun 01, 1999 at 05:03:32PM -0700, Ed Gerck wrote:
[...]
> >
> > It is not clear to me that you would want to revoke an identifier.  An
> > identifier is just a byte string.  The hash of the public key is a byte
> > string that you know is globally unique and is tied 1:1 with a private
> > key.
> 
> In Logic, one distinguishes between material values and formal values.
> The formal value of the public-key hash is its byte string (as you say)
> and is immutable after issuance. On the other hand, the material value
> is what it denotes and this can change at any time -- for example, it may
> now denote a revoked key. Thus, the material value of the same formal
> identifier may change at any time.

But the binding between the key and the hash is the binding of 
interest.  That the key may have been revoked is not relevant to 
that binding.

Hashing an entire cert may indeed be useful, but precisely the same 
argument applies -- certs are not completely self-contained 
self-referential atoms; they have "material values" as well, and 
those "material values" may change.

> In software engineering terms, the public-key hash is a pointer and we
> likewise distinguish between the pointer's value (which would be its
> value as a byte string ) and what it denotes (its validity, use, warranties,
> etc.) -- usually called its attributes.

However, this analogy is not accurate.  What the hash "points" to
can't change -- notice the "1:1" in Carl's statement. 

> Thus, likewise in Logic, I believe my sentence above is clear -- we need
> to be able to look up also the hash's material value, not only its formal
> value, if we are willing to designate any material significance to its use.
> That is why the hash alone cannot be used and such would be a serious
> security fault if you are dealing with material values.

But you are not dealing with "material values"...  there is no
general way, in principle, to make a hash of "material values". 

-- 
Kent Crispin                               "Do good, and you'll be
kent@songbird.com                           lonesome." -- Mark Twain

References:

Re: X.509 ACs vs. SPKI?

From: Ed Gerck <egerck@laser.cps.softex.br>

Re: X.509 ACs vs. SPKI?

From: Carl Ellison <cme@acm.org>

Re: X.509 ACs vs. SPKI?

From: Ed Gerck <egerck@laser.cps.softex.br>

Prev by Date: Re: X.509 ACs vs. SPKI?
Next by Date: Re: opens source SPKI implementations?
Prev by thread: Re: X.509 ACs vs. SPKI?
Next by thread: Re: X.509 ACs vs. SPKI?
Index(es):
- Main
- Thread