1996-01-06 - Re: Revoking Old Lost Keys
Header Data
From: Alex Strasheim <cp@proust.suba.com>
To: mab@crypto.com (Matt Blaze)
Message Hash: 28de5a5d9bd225e5cbdff9b5206371f2b2983ba695148f063557c17a6c2373bd
Message ID: <199601061748.LAA06159@proust.suba.com>
Reply To: <199601061626.LAA06345@crypto.com>
UTC Datetime: 1996-01-06 18:12:10 UTC
Raw Date: Sun, 7 Jan 1996 02:12:10 +0800
Raw message
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 7 Jan 1996 02:12:10 +0800
To: mab@crypto.com (Matt Blaze)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601061626.LAA06345@crypto.com>
Message-ID: <199601061748.LAA06159@proust.suba.com>
MIME-Version: 1.0
Content-Type: text
> Note that the problem here is in the basic trust model, not just the
> certificate distribution model (which is a separate problem). The lack of
> ability for a certifier to revoke his own certification, plus the lack of a
> facility to put limits on the duration and meaning of the certification,
> make PGP certificates of very limited practical value.
Isn't the last bit here, the part about duration and meaning, the
practical answer to the problem? Especially duration?
The stuff that's been going on lately with Netscape's browsers, Sameer's
apache ssl server, and the difficulty of getting CAs like verisign to
approve keys underscores the importance of this issue.
This is probably sort of half-baked, but is it possible to come up with a
formal grammar that would allow us to describe trust models in general?
What if we had a prolog-like system that allowed you to set up rules like:
"x is a student if x has got a signature from a school"
"x is a school if x has got a signature from the accredation authority"
"x belongs to the secret society of x has signatures from 3 other people
who have belonged to the society for more than a year, and if x is
a certified owner of a duck."
Wouldn't something like this give us the flexibility to use a PGPish model
of trust or an X.509ish model, or whatever else we wanted to do?
It seems to me that the rules that govern when you can accept which
signature ought to be data objects in a more flexible system, just as the
signatures themselves are data objects. That means that the rules
themselves ought to be subject to change, revokation, or revision.
The constitution wouldn't have survived if it didn't contain a mechanism
for ammendment. Wouldn't a model of trust with the same ability for
revision and extension be a lot more robust, and a lot more resistent to
centralized control?
Thread
Return to January 1996
- Return to “Alex Strasheim <cp@proust.suba.com>”
- Return to “Matt Blaze <mab@crypto.com>”
Return to “tcmay@got.net (Timothy C. May)”
- 1996-01-06 (Sat, 6 Jan 1996 16:06:07 +0800) - Re: Revoking Old Lost Keys - tcmay@got.net (Timothy C. May)
- 1996-01-06 (Sun, 7 Jan 1996 00:34:31 +0800) - Re: Revoking Old Lost Keys - Matt Blaze <mab@crypto.com>
- 1996-01-06 (Sun, 7 Jan 1996 02:12:10 +0800) - Re: Revoking Old Lost Keys - Alex Strasheim <cp@proust.suba.com>
- 1996-01-06 (Sun, 7 Jan 1996 02:34:23 +0800) - Re: Revoking Old Lost Keys - Matt Blaze <mab@crypto.com>
- 1996-01-06 (Sun, 7 Jan 1996 02:12:10 +0800) - Re: Revoking Old Lost Keys - Alex Strasheim <cp@proust.suba.com>
- 1996-01-06 (Sun, 7 Jan 1996 00:34:31 +0800) - Re: Revoking Old Lost Keys - Matt Blaze <mab@crypto.com>