[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal



>Date: Thu, 5 Oct 1995 12:24:34 -0700
>From: Hal <[email protected]>

>I don't understand this whole discussion.  A certificate is a signed
>binding of a key and a unique name, right?

It depends on how you define certificate.  If you define it this way, then
I'm proposing the elimination of certificates (because I'm eliminating the
unique name as something different from a key).

If you define certificate as I do -- as a bound statement of some attribute
of a key, then it should become clearer.  It's just that the attribute I'm
binding is not some unique person-name -- rather something like permission
to spend money from a bank account.

>I'd like to see some grounding of this discussion in terms of the role of
>certificates, and ways to prevent man in the middle attacks.  I certainly
>have no love for facist worldwide ID cards and hierarchical, organization
>based naming schemes, but just using any old key because it seems to work
>OK most of the time isn't going to fly IMO.

The rest should be more clear if you read the rest of the backlog....

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      [email protected]    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+