[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "trust management" vs. "certified identity"



Futplex wrote:

> Frank O'Dwyer writes:

> > Plus, given secure identity (which might be an anonymous id), you can
> > layer the other stuff on top.
> 
> I am swayed by the view expounded by Carl Ellison that a key, not an
> identity, should be the anchor to which attributes are attached. (Sorry if
> I am misstating or oversimplifying the position here.) I think identity
> should be hung off the key as just another (optional) attribute.

  This is exactly how I view X509 Version 3 certificates.  You can attach
any sort of attribute to the key, including a name/identity.  Though the
spec gives the name preferential treatment for historical reasons, I
view it as just another optional attribute.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.