ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Principles and Principals

1997-10-01 13:30:33
from [David P. Kemp] [Permanent Link] 
From: "Bonatti Chris" <bonattic(_at_)ieca(_dot_)com>


Ian Brown wrote :

The PGP public-key is the principal.


I think this is a great way to look at it. Using the public key, its
hash or fingerprint as *the* DN allows all sorts of important
functionality like authorisations.


The major problem with 'key-principal' architectures is the
revocation problem.

When my key is revoked/changed/upgraded/whathaveyou all
bindings are lost.


Pat,

     This is certainly not a major problem in the environments 
with which I am most familiar.  Certificate revokation (due to 
invalidation of one of the pieces of information bound into 
the certificate) is far more common than key revokation (due to 
loss or compromise of the key).  The former occurs when jobs, 
mailboxes, roles, or sometimes even authorizations change.  This 
happens at a much higher rate than key loss.


Key revocation due to compromise is far less common that normal
periodic key expiration in some environments.  Those of us who
are paranoid about security :-) change keys *more* often than we change
names/jobs/email-addresses/whatever.

"Key-principal" architectures such as the one Ron Rivest calls
"spooky/sudsy" make it very difficult to practice good key management.
The traditional model where keys are attributes of a principal, not
the principal itself, allows changing keys to be no more difficult
than changing jobs :-).



     This was one of the reasons that the attribute certificate 
emerged in X.509.  (There were other reasons too.)  It allowed a 
wide range of this "non-principal" binding data to be abstracted 
from the main structure.  This help to facilitate separate 
certificates for various functions.  Thus you can have one cert 
that just binds permanent info like a name or perhaps a 
lifetime identification (i.e., SSN) number to a key.


Excellent point.  Those who dislike global names (Distinguished Names,
DNS names, RFC-822 names, etc) could use "key-like" permanent names
(1024-bit random integers) in X.509 or PGP certificates without giving
up the ability for principals to update their keys.  Key-principal
architectures do not have this flexibility.



     There is great strength in this kind of modularity.  We 
should consider this concept in Open-PGP.


Absolutely.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Fwd: WG Action: An Open Specification for Pretty Good Privacy (openpgp), John W. Noerenberg
Next by Thread:  Re: Principles and Principals, Ian Brown
Indexes:  [Date] [Thread] [Top] [All Lists]