[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal



At 10:04 AM 10/9/95 EDT, Carl Ellison <[email protected]> wrote:
>>I don't understand this whole discussion.  A certificate is a signed
>>binding of a key and a unique name, right?
>It depends on how you define certificate.  If you define it this way, then
>I'm proposing the elimination of certificates (because I'm eliminating the
>unique name as something different from a key).
>
>If you define certificate as I do -- as a bound statement of some attribute
>of a key, then it should become clearer.  It's just that the attribute I'm
>binding is not some unique person-name -- rather something like permission
>to spend money from a bank account.

This doesn't necessarily eliminate certificates - while you have a signed
statement from Alice's key that she uses Bank Account X, and a signed statement
from Alice's key authorizing transfer of $D from Bank Account X to Bank
Account Y,
the Bank, or a customer, may refuse to accept the request unless there's 
a signed statement from the Bank's key that Alice's key uses Account X.
None of these need Alice's name, or for that matter the Bank's, as long as
there's
also a signed attribute statement from the Bank's key that it's a bank, etc. 
The meaning of the certificates changes a bit, but there's still a certificate
from the bank binding Alice's Key to Alice's Bank Account.
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---