From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 8 Jan 1996 14:06:19 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <01BADC99.C7034FE0@dialup-169.dublin.iol.ie>
Message-ID: <30F0AEA5.64DD@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Futplex wrote:

> Frank O'Dwyer writes:

> > Plus, given secure identity (which might be an anonymous id), you can
> > layer the other stuff on top.
> 
> I am swayed by the view expounded by Carl Ellison that a key, not an
> identity, should be the anchor to which attributes are attached. (Sorry if
> I am misstating or oversimplifying the position here.) I think identity
> should be hung off the key as just another (optional) attribute.

  This is exactly how I view X509 Version 3 certificates.  You can attach
any sort of attribute to the key, including a name/identity.  Though the
spec gives the name preferential treatment for historical reasons, I
view it as just another optional attribute.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.