From: Carl Ellison <cme@TIS.COM>
Date: Mon, 9 Oct 95 07:07:00 PDT
To: hfinney@shell.portal.com
Subject: Re: Certificate proposal
In-Reply-To: <199510061910.MAA06560@comsec.com>
Message-ID: <9510091404.AA12463@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Thu, 5 Oct 1995 12:24:34 -0700
>From: Hal <hfinney@shell.portal.com>

>I don't understand this whole discussion.  A certificate is a signed
>binding of a key and a unique name, right?

It depends on how you define certificate.  If you define it this way, then
I'm proposing the elimination of certificates (because I'm eliminating the
unique name as something different from a key).

If you define certificate as I do -- as a bound statement of some attribute
of a key, then it should become clearer.  It's just that the attribute I'm
binding is not some unique person-name -- rather something like permission
to spend money from a bank account.

>I'd like to see some grounding of this discussion in terms of the role of
>certificates, and ways to prevent man in the middle attacks.  I certainly
>have no love for facist worldwide ID cards and hierarchical, organization
>based naming schemes, but just using any old key because it seems to work
>OK most of the time isn't going to fly IMO.

The rest should be more clear if you read the rest of the backlog....

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme@tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+