[13617] in cryptography@c2.net mail archive


Re: SDSI/SPKI background

daemon@ATHENA.MIT.EDU (Stefan Mink)
Fri Jun 13 11:02:02 2003

X-Original-To: cryptography@metzdowd.com
Date: Fri, 13 Jun 2003 12:00:49 +0200
From: Stefan Mink <mink@schlund.net>
To: Carl Ellison <cme@acm.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <3.0.5.32.20030611215612.01d60d68@localhost>



Hi Carl,

On Wed, Jun 11, 2003 at 09:56:12PM -0700, Carl Ellison wrote:
> There's one draft that should have gone on to RFC, but people were
> using it from the draft instead.  It's my fault that we left it at
> that stage and didn't publish the RFC.  That's still on my list of
> things to do :-)  It seems that other work kept getting in the way.

I guess it's the draft about the certificate structure?

> stand-alone product like PGP.  It's a tool to be used within other
> products.  It's also almost exclusively for a closed authorization
> infrastructure, rather than an open naming infrastructure.  In fact,

Is there a special reason why the authorisation system can't or
shouldn't be open here? Most systems and services are distributed and
are developed independently, so an open standard would be reasonable
here too, wouldn't it?

> under SPKI/SDSI thinking, a global naming infrastructure is not a proper
> use of one's time and energy.  This is doubtless why the PKI Vendors
> react with hostility toward SPKI/SDSI.

agreed :)

> Yes.  Check out KeyNote and PolicyMaker.  There are links to those
> from my web page.

I couldn't access the latter one but found a copy on citeseer

> Of course, you don't have to use certificates for authorization.  You
> can bind an authorization to a key in a protected database (a
> key-based ACL, in SPKI/SDSI terminology).  Samples of that are SSH
> and X9.59.

sure, but I like the idea of storing the privileges independent of the
service instance; of course there are drawbacks (revocation)...

> We went on to use it in products and research.
>
> We were and are a group of developers and researchers, not standards
> writers.  Standards writing is fundamentally boring.

:)

Thanks &&
   tschuess
             Stefan Mink
-- 
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974  DC3F 7A1B CF62 F0D4 D2BA


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
