Hi folks, As promised to Carl I have done a draft of an ECC key format for SPKI. The idea being to plug in the gap in the following document... ...
Nigel Smart
nigel@...
Mar 10, 2000 9:31 am
863
hi, i hope this request of mine is not inappropriate on this list. my apologies in advance if it is. i'm looking for any information about authentication...
Aaron Stromas
astromas@...
Mar 24, 2000 3:35 pm
864
thanks, derric. i understand that pkix incorporates the hierarchical trust model. yet, the protocol utilising digital certificates that is used on the web in...
Aaron Stromas
astromas@...
Mar 24, 2000 5:10 pm
865
... the ... find ... to ... Aaron, I would suggest reading the PKIX drafts and RFCs, for answers to questions about what they propose. They...
Carl Ellison
cme@...
Mar 24, 2000 7:30 pm
866
Aaron, the assumption that PKIX incorporates or somehow necessitates a hierarchical trust model is often made, but is completely incorrect. The relying party...
BJUENEMAN@...
Mar 25, 2000 12:40 am
867
... Let me second you on this point. This is really important and most people seem to miss it. Of course, with SPKI we've avoided it. We don't...
Carl Ellison
cme@...
Mar 25, 2000 2:11 am
868
Well, the US Federal Bridge CA project (I assume that's the reference) is pretty well thought out on this issue, as far as I can tell. There are being very ...
Martin Smith
mfsmith@...
Apr 1, 2000 9:16 pm
869
... I was tempted to respond to something Bob Jueneman said a week or so ago. Now this really prompts me to ramble on. Warning, this is going to be about...
Eric Norman
ejnorman@...
Apr 12, 2000 6:32 am
870
There's an aspect about names that I've never seen mentioned; so I'll mention it. Perhaps that means I just haven't read the right stuff, but I've read an...
Eric Norman
ejnorman@...
Apr 12, 2000 11:23 am
871
Eric, SPKI certificates grant authority, not identity per-se. If I am Student-X, and the University-Of-Wisconsin deems to certify my key by signing it with...
Tony Bartoletti
azb@...
Apr 12, 2000 11:40 am
872
I found your ideas quite interesting, and with merit, though I myself am not an expert on these matters. However, I do have a concern. In all of your examples,...
Mason, Shane
smason@...
Apr 12, 2000 1:55 pm
873
... I agree with Tony, of course, but I've also been thinking lately about the difference between carrying authorization information in...
Carl Ellison
cme@...
Apr 12, 2000 1:56 pm
874
... I haven't finished reading your message, and am behind on reading others, but this is a key point. We deal with things that are transitive: ...
Carl Ellison
cme@...
Apr 12, 2000 2:00 pm
875
... Or, instead of "revoking an identity" you can speak of "removing the power you had granted to a key". ...
Carl Ellison
cme@...
Apr 12, 2000 2:13 pm
876
... Bob, thank you for the thoughtful message. Good stuff there. I have just a couple of nits. ... My question about scaling is in size of any...
Carl Ellison
cme@...
Apr 12, 2000 2:13 pm
877
... Hi David. SPKI does indeed address (2). First we address it by noting that anyone who uses a global ID and expects that to be meaningful to...
Carl Ellison
cme@...
Apr 12, 2000 2:29 pm
878
... We considered and rejected the idea of granting the authority to delegate but not the authority to do. You can check the archives for that ...
Carl Ellison
cme@...
Apr 12, 2000 2:37 pm
879
... In fact, the correct number of possible relationships is the number of possible relationships among people in the world. Any mechanism for ...
Carl Ellison
cme@...
Apr 12, 2000 2:42 pm
880
... Carl> ... Carl> Or, instead of "revoking an identity" you can speak of Carl> "removing the power you had...
Paul Koning
pkoning@...
Apr 12, 2000 4:29 pm
881
Carl, Certainly there is a one-time opportunity for error when one person attempts to contact another (unknown) person for the first time based on limited...
David P. Kemp
dpkemp@...
Apr 12, 2000 4:57 pm
882
I've been mulling over David's reply and several of the others made recently. (For what it is worth, I do not agree that this discussion belongs on cert-talk,...
Bob Jueneman
BJUENEMAN@...
Apr 12, 2000 5:23 pm
883
... Sorry, I just can't resist injecting some gratuitous silliness. Suppose we ask: what's the probability that two 1000 bit RSA keys generated at random will...
Eric Norman
ejnorman@...
Apr 12, 2000 5:58 pm
884
... Hi David. The theory you're working on sounds good, but I don't buy it. We need experimental evidence, one way or the other. My experimental...
Carl Ellison
cme@...
Apr 12, 2000 7:09 pm
885
... Let's make sure that we agree on what that word "transitive" means; here's what I think it means (I'm a math major). Delegating authority or granting...
Eric Norman
ejnorman@...
Apr 12, 2000 7:18 pm
886
... At 11:45 AM 4/12/00 -0700, Carl Ellison wrote: Assuming this is correct, ... One key per nanosecond, in 1 million years, is approximately 3e22...
Carl Ellison
cme@...
Apr 12, 2000 7:20 pm
887
... My own derivation of the probability of collision approximates to: P = m^2/(2n) where n is the size of the name space (e.g., 2^{1000}) and m is...
Carl Ellison
cme@...
Apr 12, 2000 7:20 pm
888
... If we're using the SHA-1 hash of the key instead of the key as the name of the keyholder, then the denominator is only 2^160 or about...
Carl Ellison
cme@...
Apr 12, 2000 7:30 pm
889
... We record it together since it's a modifier on the other permission (takes the other permission as a parameter). We might have expressed it...
Carl Ellison
cme@...
Apr 12, 2000 7:30 pm
890
... It's only 1/2 that. Still, as Eric said, we're being silly. ...
Carl Ellison
cme@...
Apr 12, 2000 7:37 pm
891
... = 2e514. ... OK, here's what the back of my napkin says. Seconds / year = 2e25. Nanoseconds / second = 2e30. Years / million years = 2e20. So nanoseconds /...