1994-03-31 - Re: Very funny, Polyanna :-( [namespace pollution]

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: hughes@ah.com
Message Hash: 9afb81bcf1fd0cc6a401bd982d46e0afde238e79845fbeb27253a54d1b158e9c
Message ID: <9403310155.AA19126@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-03-31 01:56:35 UTC
Raw Date: Wed, 30 Mar 94 17:56:35 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 30 Mar 94 17:56:35 PST
To: hughes@ah.com
Subject: Re:  Very funny, Polyanna :-( [namespace pollution]
Message-ID: <9403310155.AA19126@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> >gateways, and suddenly people using auto-encrypting mail programs
> >find that no-one can read their posts.
> 
> Presence on a keyring means that a key exists, not that the owner of a
> key has a policy that it should always be used, or that it should be
> used by everybody.  Both PGP and PEM get this completely wrong.  Not
> every key will be used for every purpose.  Mere existence of a key
> should not indicate permission to encrypt with it.

PGP lets you choose which key to use when you care, and
doesn't care what's in the Name field; if you want to implement behavior
inside of that it will handle it transparently; e.g.
	"Digicash: Eric Hughes <hughes@accounts.cayman.digibank.com>"
(though it would be nice if it had more Unix-like regexp code for 
selecting keys).

> No current cryptosystem has a way of specifying policy in a public key
> distribution system.  I want separate keys for separate machines,
Policy isn't really the cryptosystem's job; it's the application's.

> >Whatever solution we can find will have to involve active support
> >from the keyservers I suspect.  
> The key servers are just serving data.  To add policy criteria to the
> key servers is to extend their functionality beyond their original
> intent.

The intent of keyservers is to have a convenient mechanism for finding 
keys when you want them.  Having specific keyservers keep track of
specific bunches of keys is a reasonable use of that convenience.
Maybe a bankers' association would run a keyserver to serve keys
for banks and (if appropriate) for customers, with the location
known by most of the common software, and maybe a remailer
operators' group would do the same for their remailer cooperative.
There are a lot of ways to use mechanisms...

		Bill Stewart




