[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PolicyMaker paper available



[email protected] posted:
>A number of people have been asking me about some work I've been doing
>(with Joan Feigenbaum and Jack Lacy) on alternatives to traditional
>(X.509, PGP, etc.) identity-based certificates.  We've just finished
>up our paper on the concept, "Decentralized Trust Management", to
>appear at the Oakland Security Conference in May.
>
>A PostScript pre-print is available in
>     ftp://research.att.com/dist/mab/policymaker.ps

I D/Led this file last night & printed it out. I was a little suspicious
at first because you'd think if AT&T really wanted people to read (instead
of just wanting to say they published it) they'd put it on the web in http
and not use obscure printer codes. But after I read it my suspicious
nature was confirmed.

Behind all the obscure printer codes and fancy language, it is obvious to
anyone with half a brain that this is just a move by AT&T to put itself
on top of the internet certificate hierarchy where your're locked in
to using AT&T software and internet service (just like RSA and Netscape).
You have to license AT&T code to use it and you need an AT&T approved
policy attribute or something in order to make it work.

Ask yourself why they'd publish this otherwise. Hint: youre safer trusting
university research than corporate research-marketing.

PGP is good enuf for me.

>-matt
>
>[NB: I no longer read the cypherpunks list with any regularity, so
>please cc me directly on any comments or discussion.  Thanks.]

Uh huhhhhhh. Blaze and AT&T are no friends of the cypherpunks and no
longer even condesend to pretend as much.

Don't even ask me about their motives for supporting the Leahy
key escrow bill.