[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Revoking Old Lost Keys
> Note that the problem here is in the basic trust model, not just the
> certificate distribution model (which is a separate problem). The lack of
> ability for a certifier to revoke his own certification, plus the lack of a
> facility to put limits on the duration and meaning of the certification,
> make PGP certificates of very limited practical value.
Isn't the last bit here, the part about duration and meaning, the
practical answer to the problem? Especially duration?
The stuff that's been going on lately with Netscape's browsers, Sameer's
apache ssl server, and the difficulty of getting CAs like verisign to
approve keys underscores the importance of this issue.
This is probably sort of half-baked, but is it possible to come up with a
formal grammar that would allow us to describe trust models in general?
What if we had a prolog-like system that allowed you to set up rules like:
"x is a student if x has got a signature from a school"
"x is a school if x has got a signature from the accredation authority"
"x belongs to the secret society of x has signatures from 3 other people
who have belonged to the society for more than a year, and if x is
a certified owner of a duck."
Wouldn't something like this give us the flexibility to use a PGPish model
of trust or an X.509ish model, or whatever else we wanted to do?
It seems to me that the rules that govern when you can accept which
signature ought to be data objects in a more flexible system, just as the
signatures themselves are data objects. That means that the rules
themselves ought to be subject to change, revokation, or revision.
The constitution wouldn't have survived if it didn't contain a mechanism
for ammendment. Wouldn't a model of trust with the same ability for
revision and extension be a lot more robust, and a lot more resistent to
centralized control?