From owner-spki@c2.net Thu Mar 11 13:49:53 1999
Received: from blacklodge.c2.net (blacklodge.c2.net [140.174.185.245])
	by lox.sandelman.ottawa.on.ca (8.8.7/8.8.8) with ESMTP id NAA04451;
	Thu, 11 Mar 1999 13:49:51 -0500 (EST)
Received: (from majordom@localhost)
	by blacklodge.c2.net (8.8.8/8.7.3) id JAA21834 for spki-outgoing;
	Thu, 11 Mar 1999 09:58:57 -0800 (PST)
Message-ID: <4575832C8E71D111AC4100A0C96B51270235F549@fmsmsx36.fm.intel.com>
From: "Ellison, Carl M"
To: "'Gunther Schadow'", "Ellison, Carl M", cme@alum.mit.edu, cme@jf.intel.com
Cc: blampson@microsoft.com, bt0008@entropy.sbc.com, frantz@netcom.com,
	perry@piermont.com, smb@research.att.com, spki@c2.net, ylo@ssh.fi
Subject: RE: Where is Carl M. Ellison?
Date: Thu, 11 Mar 1999 09:34:55 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-spki@c2.net
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gunther,

you found me. I don't know which addresses failed for you, but I'd
like to hear about that. It suggests that my ISPs might be flaky. All
the addresses in the To: line work for me.

clark.net seems to be down at the moment -- or recovering from a
crash -- so my home page isn't available. When it's back up, the paper
you want is at http://www.pobox.com/~cme/usenix.html

The bibliographic reference is:

    Ellison, Carl, "Establishing Identity Without Certification
    Authorities", 6th USENIX Security Symposium, July 1996.

SPKI is alive and well. I'm here at Intel working on our
implementation and use of it -- and of authorization in general, no
matter what certificate mix people provide. I'll be happy to point
people at details about that solution set.

There are 4 drafts defining SPKI. The first two (requirements and
theory) are ready to be moved over to RFC, in my opinion, but that
takes action by Steve Bellovin and Perry Metzger.
The structure draft is one I'm revising -- much too slowly for my
desires, thanks to all the work I'm doing here at Intel -- but that
will be available shortly for voting to RFC.

Meanwhile, there are a number of implementations based on the drafts
and a handful of applications using them.

As for SPKI vs. PKIX -- we're addressing different topics. PKIX is
building support for identity certificates provided by CAs external to
the user (typically a commercial entity or a corporate CA center).
SPKI deals with direct authorization of keys and personal ID certs
(via SDSI), not with central commercial CA support. I personally
believe the SPKI approach is superior, of course, but we'll discover
that as the years go by.

[Ob plug]: as part of the CDSA effort, through the OpenGroup, we have
defined an authorization computation mechanism (as detailed in the
theory document as 5-tuple reduction) which operates on certificates
of all forms, not just SPKI. We have also defined support for
certificates of the various X.509 flavors, SPKI/SDSI, and PGP. The
objective of that effort is to give the implementer a choice of
format, so that he can select the one that best fits his needs, but
still allow him to do the full authorization computation as detailed
in the SPKI documents. As I said, I believe the SPKI format meets
these needs the best (most securely by a large factor, most simply and
most directly) -- but we'll see what developers decide.

 - Carl

- -----Original Message-----
From: Gunther Schadow [mailto:schadow@aurora.rg.iupui.edu]
Sent: Thursday, March 11, 1999 8:32 AM
To: carl.m.ellison@intel.com; cme@alum.mit.edu; cme@jf.intel.com
Cc: blampson@microsoft.com; bt0008@entropy.sbc.com; frantz@netcom.com;
perry@piermont.com; smb@research.att.com; spki@c2.net; ylo@ssh.fi
Subject: Where is Carl M. Ellison?

Hi,

I am looking for Carl M. Ellison. I have a couple of questions. I have
read some of his stuff on identity certificates and I like it.
Now I am writing an article and I need bibliographic references.
Especially I would like to cite the paper "Establishing Identity
Without Certification Authorities". Most of his older e-mail addresses
and none of his web site HREFs seems to have ceased work. Let's hope I
can find you him out there.

As for a related issue: I like the general thrust of SPKI but I have
heard sad news that the PKI might possibly succeed and SPKI might get
lost. What are your hopes that keep you working on SPKI?

regards
- -Gunther

Gunther Schadow ----------------------------------- http://aurora.rg.iupui.edu
Regenstrief Institute for Health Care
1001 W 10th Street RG5, Indianapolis IN 46202, Phone: (317) 630 7960
schadow@aurora.rg.iupui.edu ---------------------- #include

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBNuf+v8xqBGb+WvJAEQLrLQCdFRXfI2NAY3Eb4kfCsXkX9xHOy/sAn0zw
ptxwRca7I71RQgYKCU6klAz2
=OzaT
-----END PGP SIGNATURE-----