[643] in WWW Security List Archive


Re: Netscape Changes RSA tree

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Thu Apr 27 02:15:14 1995

To: Paul Leach <paulle@microsoft.com>
Cc: rens@imsi.com, wcs@anchor.ho.att.com, www-security@ns2.rutgers.edu,
        owner-www-security@ns2.rutgers.edu
Date: Wed, 26 Apr 1995 22:14:37 EDT
From: Marc Horowitz <marc@mit.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

>> A tree is always a web; a web is not always a tree.

>> The "treeness" of many subgraphs in the web will make trust management 
>> easier; the "webness" will allow freedom of entry, with the deciding 
>> criteria the tradeoff between getting the extra trust links established 
>> and the trustworthiness (for whatever your purposes are) of existing 
>> hierarchies.

A web of trees is always a web of webs is always a web :-)

Why are you designing the tree part into your system?  It doesn't
really help, because I still need to consider how much I trust a given
CA's certification policy.

It also limits things unnecessarily.  If MIT's organizational CA fits
the policy for more than one "tree", why not allow it to be part of
both?  And regardless of all that, I might choose to sign a relative's
or friend's key directly.  I don't want to have one key pair as my
"Marc's CA" key, and another for day to day operations.  (Actually, I
probably do, but I should be free to make that decision.)

Tell me again what's wrong with a plain web?  You almost certainly
want to have well-known policy bits encoded in each signature, but
that's not something you hardwire into the design.

		Marc

