[109555] in Cypherpunks
Re: KeyNote draft available, FYI
daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon Mar 29 15:26:44 1999
Date: Mon, 29 Mar 1999 12:05:37 -0800
From: Ed Gerck <egerck@mcg.org.br>
To: spki@c2.net
CC: cypherpunks@cyberpass.net, cryptography@c2.net, dcsb@ai.mit.edu,
trust-ref@mcg.org.br, mab@research.att.com, trustmgt@east.isi.edu
Reply-To: Ed Gerck <egerck@mcg.org.br>
> Subject: KeyNote draft available, FYI
> Date: Sun, 28 Mar 1999 22:53:11 -0500
> From: Matt Blaze <mab@research.att.com>
> Sender: owner-spki@c2.net
> We have just about finished what we believe is the "stable" version of
> the KeyNote trust management language and reference implementation.
It is unfortunate in three counts that it continues to call "trust
management" what actually is "decision management" or, at most,
"authorization management".
First, because "trust management" would imply managing what you do not
control, an oxymoron and one which leads to a series of unrelated
assumptions regarding the usefullness of that "trust" tool.
Second, because trust is not boolean -- while your constructs are
entirely boolean. Thus, negating any real-wrold usefullness for your
tool if it is to be rated among anything that has to do with trust.
Third, the fact that people introduce soundbites like "trust management"
instead of using well-established words like "authorization management",
does not mean that any relevant conclusions can be drawn from the misuse
of terms like "trust" in the soundbite.
However, since a decision is *always* boolean, decision management is a
boolean problem amenable to your tool. Even though the whole process of
authorization is not representable by your tool (for example, the issues
of delegation are not boolean), one could still also use it for
authorization management in a restricted sense.
Thus, by using an unfitting name you actually deny the operational uses
which your tool might be actually useful for -- while making it pass for
what it is unfit.
> We expect to have the informational RFC describing the language
> submitted sometime next week and the official reference implementation
> available at about the same time.
I surely expect it NOT to be called "trust management".
Cheers,
Ed Gerck
_____________________________________________________________________
Dr.rer.nat. E. Gerck egerck@mcg.org.br
>
> I believe our design meets a wide range of requirements. We are using
> KeyNote for a number of interesting projects, as are some other
> researchers and developers.
>
> If you'd like an advance peek at what we're up to, I've put up a copy
> of the draft for anonymous FTP at
> <ftp://ftp.research.att.com/dist/mab/kndraft.txt>
> This is a draft that's likely to change slightly before being
> submitted, so please do not redistribue or mirror it.
>
> We'd appreciate your comments, either to me directly or on the trustmgt
> list.
>
> KeyNote is a small, flexible trust management system designed to be
> especially suitable for Internet-style applications. KeyNote provides
> a single, uniform language for specifying security policies and
> credentials, and can be used as an application policy description
> language as well as as a format for public-key credentials. KeyNote
> is a joint project of M. Blaze, J. Fiegenbaum, J. Ioannidis, and
> A. Keromytis.
>
> The KeyNote language and implementation are virtually without
> intellectual property constraints (as far as we know). We have not
> patented the KeyNote system or trust management generally (although of
> course anyone, including us, could invent and patent some specific
> novel application of trust management based on KeyNote). We might
> file a trademark on the name "KeyNote". Other than that, you can just
> use it. The KeyNote reference implementation will be available under
> a Berkeley-style open source license.
>
> I welcome your comments on our design.
>
> -matt
