[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
At 10:04 AM 10/9/95 EDT, Carl Ellison <[email protected]> wrote:
>>I don't understand this whole discussion. A certificate is a signed
>>binding of a key and a unique name, right?
>It depends on how you define certificate. If you define it this way, then
>I'm proposing the elimination of certificates (because I'm eliminating the
>unique name as something different from a key).
>If you define certificate as I do -- as a bound statement of some attribute
>of a key, then it should become clearer. It's just that the attribute I'm
>binding is not some unique person-name -- rather something like permission
>to spend money from a bank account.
This doesn't necessarily eliminate certificates - while you have a signed
statement from Alice's key that she uses Bank Account X, and a signed statement
from Alice's key authorizing transfer of $D from Bank Account X to Bank
the Bank, or a customer, may refuse to accept the request unless there's
a signed statement from the Bank's key that Alice's key uses Account X.
None of these need Alice's name, or for that matter the Bank's, as long as
also a signed attribute statement from the Bank's key that it's a bank, etc.
The meaning of the certificates changes a bit, but there's still a certificate
from the bank binding Alice's Key to Alice's Bank Account.
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281