To: hallam@Etna.ai.mit.edu From: Carl Ellison Subject: Re: SDSI name interpretation Cc: spki@c2.org, hallam@Etna.ai.mit.edu Bcc: X-Attachments: At 05:04 PM 6/14/96 -0400, hallam@Etna.ai.mit.edu wrote: > >>I have to come down on the side of SDSI's original scheme. What you're >>asking for is covered by SDSI as (rsa.com's DNS's verisign.com) which is >>probably the same as (openmarket's DNS's verisign.com). > >No, this is not the same at all. You are assuming that the party rsa considers >to be DNS is the same party as the one I consider to be DNS. Phill, I think it's the other way around. I believe *you* are assuming that each of us sees the same DNS. The SDSI way of writing that at least inspires the question: "Does (rsa.com's DNS) = (openmarket.com's DNS)?" Furthermore, the question can be answered. By comparing the public key of (rsa.com's DNS) to the public key of (openmarket.com's DNS), I can learn definitively that they're the same, assuming the public keys are. If they're not, I can ask RSA and Openmarket for clarification -- possibly warning them that one of them may have been spoofed in a very serious way. >The distinction is between the party that X calls Y and the party that X >believes to be generally known as Y. I just don't buy the "X believes to be generally known as Y" construct carries the same solidity as "X calls Y". The "generally known as" construct assumes there is a global, shared name space. Outside of Bill Clinton and a handful of others, I don't know who else would be in that name space. >The problem with the private namespaces approach is that the namespace is >unbounded even for a finite number of participants. > > >I think that the use of relative names needs to be confined to the one area >where they are relevant - the establishment of the Web of trust itself. >Unless there is a clear principle that the parties are all seeking to establish >a common binding to a particular name I don't see that there is much value in >the process. I think we are forced by human nature to use relative names for everything. To me, this is like Einstein's Relativity. There *is* no global name space. - Carl From ???@??? Sat Jun 15 11:33:22 1996 Return-Path: Received: from callandor.cybercash.com (callandor1.cybercash.com) by cybercash.com (4.1/SMI-4.1) id AA02167; Fri, 14 Jun 96 19:05:10 EDT Received: by callandor.cybercash.com; id TAA23585; Fri, 14 Jun 1996 19:01:59 -0400 Received: from infinity.c2.org(140.174.185.11) by callandor.cybercash.com via smap (V3.1) id xma023583; Fri, 14 Jun 96 19:01:49 -0400 Received: (from daemon@localhost) by infinity.c2.org (8.7.4/8.6.9) id PAA13166 for spki-outgoing; Fri, 14 Jun 1996 15:55:30 -0700 (PDT) Community ConneXion: Privacy & Community: Message-Id: <2.2.32.19960614225647.008b7b34@cybercash.com> X-Sender: cme@cybercash.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 14 Jun 1996 18:56:47 -0400 To: hallam@Etna.ai.mit.edu From: Carl Ellison Subject: Re: SDSI name interpretation Cc: spki@c2.org, hallam@Etna.ai.mit.edu Sender: owner-spki@c2.org Precedence: bulk At 05:04 PM 6/14/96 -0400, hallam@Etna.ai.mit.edu wrote: > >>I have to come down on the side of SDSI's original scheme. What you're >>asking for is covered by SDSI as (rsa.com's DNS's verisign.com) which is >>probably the same as (openmarket's DNS's verisign.com). > >No, this is not the same at all. You are assuming that the party rsa considers >to be DNS is the same party as the one I consider to be DNS. Phill, I think it's the other way around. I believe *you* are assuming that each of us sees the same DNS. The SDSI way of writing that at least inspires the question: "Does (rsa.com's DNS) = (openmarket.com's DNS)?" Furthermore, the question can be answered. By comparing the public key of (rsa.com's DNS) to the public key of (openmarket.com's DNS), I can learn definitively that they're the same, assuming the public keys are. If they're not, I can ask RSA and Openmarket for clarification -- possibly warning them that one of them may have been spoofed in a very serious way. >The distinction is between the party that X calls Y and the party that X >believes to be generally known as Y. I just don't buy the "X believes to be generally known as Y" construct carries the same solidity as "X calls Y". The "generally known as" construct assumes there is a global, shared name space. Outside of Bill Clinton and a handful of others, I don't know who else would be in that name space. >The problem with the private namespaces approach is that the namespace is >unbounded even for a finite number of participants. > > >I think that the use of relative names needs to be confined to the one area >where they are relevant - the establishment of the Web of trust itself. >Unless there is a clear principle that the parties are all seeking to establish >a common binding to a particular name I don't see that there is much value in >the process. I think we are forced by human nature to use relative names for everything. To me, this is like Einstein's Relativity. There *is* no global name space. - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +--------------------------------------------------------------------------+