From: "Bonatti Chris" <bonattic(_at_)ieca(_dot_)com>
Ian Brown wrote :
The PGP public-key is the principal.
I think this is a great way to look at it. Using the public key, its
hash or fingerprint as *the* DN allows all sorts of important
functionality like authorisations.
The major problem with 'key-principal' architectures is the
revocation problem.
When my key is revoked/changed/upgraded/whathaveyou all
bindings are lost.
Pat,
This is certainly not a major problem in the environments
with which I am most familiar. Certificate revokation (due to
invalidation of one of the pieces of information bound into
the certificate) is far more common than key revokation (due to
loss or compromise of the key). The former occurs when jobs,
mailboxes, roles, or sometimes even authorizations change. This
happens at a much higher rate than key loss.
Key revocation due to compromise is far less common that normal
periodic key expiration in some environments. Those of us who
are paranoid about security :-) change keys *more* often than we change
names/jobs/email-addresses/whatever.
"Key-principal" architectures such as the one Ron Rivest calls
"spooky/sudsy" make it very difficult to practice good key management.
The traditional model where keys are attributes of a principal, not
the principal itself, allows changing keys to be no more difficult
than changing jobs :-).
This was one of the reasons that the attribute certificate
emerged in X.509. (There were other reasons too.) It allowed a
wide range of this "non-principal" binding data to be abstracted
from the main structure. This help to facilitate separate
certificates for various functions. Thus you can have one cert
that just binds permanent info like a name or perhaps a
lifetime identification (i.e., SSN) number to a key.
Excellent point. Those who dislike global names (Distinguished Names,
DNS names, RFC-822 names, etc) could use "key-like" permanent names
(1024-bit random integers) in X.509 or PGP certificates without giving
up the ability for principals to update their keys. Key-principal
architectures do not have this flexibility.
There is great strength in this kind of modularity. We
should consider this concept in Open-PGP.
Absolutely.