Re: Very funny, Polyanna :-( [namespace pollution]

[wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)]

> >gateways, and suddenly people using auto-encrypting mail programs
> >find that no-one can read their posts.
> 
> Presence on a keyring means that a key exists, not that the owner of a
> key has a policy that it should always be used, or that it should be
> used by everybody.  Both PGP and PEM get this completely wrong.  Not
> every key will be used for every purpose.  Mere existence of a key
> should not indicate permission to encrypt with it.

PGP lets you choose which key to use when you care, and
doesn't care what's in the Name field; if you want to implement behavior
inside of that it will handle it transparently; e.g.
	"Digicash: Eric Hughes <hughes@accounts.cayman.digibank.com>"
(though it would be nice if it had more Unix-like regexp code for 
selecting keys).

> No current cryptosystem has a way of specifying policy in a public key
> distribution system.  I want separate keys for separate machines,
Policy isn't really the cryptosystem's job; it's the application's.

> >Whatever solution we can find will have to involve active support
> >from the keyservers I suspect.  
> The key servers are just serving data.  To add policy criteria to the
> key servers is to extend their functionality beyond their original
> intent.

The intent of keyservers is to have a convenient mechanism for finding 
keys when you want them.  Having specific keyservers keep track of
specific bunches of keys is a reasonable use of that convenience.
Maybe a bankers' association would run a keyserver to serve keys
for banks and (if appropriate) for customers, with the location
known by most of the common software, and maybe a remailer
operators' group would do the same for their remailer cooperative.
There are a lot of wys to use mechanisms...

		Bill Stewart