From owner-spki@c2.net Wed May 26 14:21:02 1999
Message-Id: <3.0.3.32.19990526102609.00ad5690@poptop.llnl.gov>
Date: Wed, 26 May 1999 10:26:09 -0700
To: Ed Gerck, spki@c2.net
From: Tony Bartoletti
Subject: Re: X.509 ACs vs. SPKI?
In-Reply-To: <374B70BF.68E93E53@laser.cps.softex.br>

Ed,

In the (exceptional?) case where two identical public keys are generated independently, and both happen to attempt access to the same resource, then the hash of the entire cert is a must for uniqueness. Aside from this condition, however, the hash of the public key is sufficient for (classic) SPKI operation where verifier = issuer (at least for chains of length 1).

OK, that doesn't get one very far ... I can't see how to leverage the same assurance for longer chains.

___tony___

At 08:55 PM 5/25/99 -0700, Ed Gerck wrote:
>
> "Ellison, Carl M" wrote:
>
>> ... for secure binding,
>> the hash of the public key is a fine globally unique identifier and an
>> unanchored text name is wide open to abuse.
>
> I disagree. The hash of the public key is also open to abuse since it
> does not securely include that key's validity date, does not include an
> originally secure reference to a valid revocation mechanism linked to
> the identity certificate from whence that public key came and cannot
> contain other warranties or insurance by extension from the identity
> certificate itself. Please see my former e-mail.
>
> However, I agree if one uses the whole identity certificate hash -- not
> the public-key hash. This was also discussed in my former e-mail.
>
> Cheers,
>
> Ed Gerck
>

Tony Bartoletti
Center for Information Operations and Assurance
Lawrence Livermore National Laboratory
PO Box 808, L - 303
Livermore, CA 94551-9900
phone: 925-422-3881  fax: 925-423-8002
email: azb@llnl.gov