ietf-openpgp

Re: Principles and Principals

1997-10-03 07:50:48
At 9:41 AM -0700 10/2/97, David P. Kemp wrote:
> SPKI principals are keys.  If Alice's private key is compromised, then both
> Alice (the good guy) and Bob (the bad guy) are now keyholders corresponding
> to the single principal that you might refer to as alice, and there is no
> way to distinguish between them.   If "alice" creates an "I'm-gonna-be"
> certificate delegating to a new principal, you have no idea whether that
> certificate was actually created by the good keyholder or the bad keyholder.
>
> ...
>
> In either case, key-centric models such as SPKI fail catastrophically -
> if the key is revoked/expired, the principal has expired too, since
> they are one and the same.  You can't get around this simple fact by
> delegating, because the key signing the delegation has (potentially
> or actually) been compromised.

SPKI allows long-lived keys (acting as principals) to issue certificates
for short-lived signing keys, transferring all their authority to those
keys for a period of time.  (SPKI does not support certificate revocation
because of the difficulty of ensuring that you have a current copy of the
revocation list.)

Note that this model is very similar to the model used by SET for its
certificate authority keys.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA
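The delegation model Frantz describes, as an added example that is not part of the original thread and not SPKI's actual certificate format (real SPKI certificates are S-expressions with tags and a delegation bit; this is a stripped-down model). A principal is nothing but an Ed25519 public key. A long-lived key signs a DelegationCert that hands its authority to a short-lived signing key for a bounded window, and the verifier enforces that window instead of consulting a revocation list. The names DelegationCert, Delegate and VerifyChain, and the sample message and times, are constructed for this example. Note that, exactly as Kemp observes, VerifyChain can only check that the issuing key signed the certificate; it has no way to tell which keyholder did so.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Principal is an SPKI-style principal: nothing but a public key.
type Principal = ed25519.PublicKey

// DelegationCert transfers the issuer's authority to Subject for a bounded
// time. The validity window stands in for revocation, which this model lacks.
type DelegationCert struct {
	Issuer    Principal
	Subject   Principal
	NotBefore time.Time
	NotAfter  time.Time
	Signature []byte
}

// tbs returns the canonical to-be-signed encoding of the certificate.
func (c *DelegationCert) tbs() []byte {
	var buf bytes.Buffer
	buf.WriteString("delegation-v1") // constructed domain-separation tag
	buf.Write(c.Issuer)
	buf.Write(c.Subject)
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], uint64(c.NotBefore.Unix()))
	buf.Write(t[:])
	binary.BigEndian.PutUint64(t[:], uint64(c.NotAfter.Unix()))
	buf.Write(t[:])
	return buf.Bytes()
}

// Delegate signs a certificate with whatever private key is presented as the
// issuer; the verifier below cannot distinguish the legitimate holder from a
// thief holding a copy of the same key.
func Delegate(issuerPriv ed25519.PrivateKey, subject Principal, notBefore, notAfter time.Time) DelegationCert {
	c := DelegationCert{
		Issuer:    issuerPriv.Public().(ed25519.PublicKey),
		Subject:   subject,
		NotBefore: notBefore,
		NotAfter:  notAfter,
	}
	c.Signature = ed25519.Sign(issuerPriv, c.tbs())
	return c
}

// VerifyChain checks that sig over msg was made by a key that root delegated
// to (directly or through intermediate certs) and that every cert in the
// chain is inside its validity window at time now.
func VerifyChain(root Principal, chain []DelegationCert, msg, sig []byte, now time.Time) error {
	current := root
	for i, c := range chain {
		if len(c.Issuer) != ed25519.PublicKeySize || len(c.Subject) != ed25519.PublicKeySize {
			return fmt.Errorf("cert %d: malformed principal", i)
		}
		if !bytes.Equal(c.Issuer, current) {
			return fmt.Errorf("cert %d: issuer is not the expected principal", i)
		}
		if now.Before(c.NotBefore) || now.After(c.NotAfter) {
			return fmt.Errorf("cert %d: outside validity window", i)
		}
		if !ed25519.Verify(c.Issuer, c.tbs(), c.Signature) {
			return fmt.Errorf("cert %d: bad signature", i)
		}
		current = c.Subject
	}
	if len(current) != ed25519.PublicKeySize || !ed25519.Verify(current, msg, sig) {
		return errors.New("message signature does not verify under the delegated key")
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // long-lived principal
	sigPub, sigPriv, _ := ed25519.GenerateKey(rand.Reader)   // short-lived signing key
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)     // constructed timeline
	cert := Delegate(rootPriv, sigPub, start, start.Add(24*time.Hour))
	msg := []byte("constructed message")
	sig := ed25519.Sign(sigPriv, msg)
	chain := []DelegationCert{cert}
	fmt.Println("inside window:", VerifyChain(rootPub, chain, msg, sig, start.Add(time.Hour)))
	fmt.Println("after window: ", VerifyChain(rootPub, chain, msg, sig, start.Add(48*time.Hour)))
}
```

The point of the time window is that the long-lived key's exposure is limited to issuing delegations, and a leaked short-lived key stops being usable on its own once the window closes, without any party needing a fresh revocation list.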


