>From: Marshall Rose <mrose(_at_)us(_dot_)ca(_dot_)mtview(_dot_)dbc>
>Subject: Re: The relationship between an entry and a real-world object
>Date: Wed, 18 Aug 1993 16:40:22 -0700
So what we have now is something very simple: a certificate is an
identity statement which when referred to the CA can be mapped onto a
juridical person, via an already legally-established process such as
"here is Joe's and the notary public's thumbprints on a written
statement and agreement which legally binds Joe's certificate octets to
Joe the being." This is useful because one can infer the use of
Joe-name's private key securely because of the asymmetric key
properties. Chasing paper affidavits, one can even infer Joe, and the
name will help pinpoint the piece of paper quickly. Such written
statements are a normal part of certification procedures. This is PEM
in a paragraph: a substitution of un-registered postal mail, by
electronic messaging, with all those consequent benefits.
A very simple service, with massive benefits for commercial users
of messaging.
Now, the praxis of managing naming on a huge scale underpins the
effectiveness of PEM deployment - and will surely require a support
protocol mechanism to guarantee non-ambiguity of schematic form, and
uniqueness of names. Secured name servers will surely play a big role
in the management of size. This will demand automation, without loss
of assurance for this vital function. Name servers can sign realtime
certificates which assert that committal procedures for name-database
implementations have been satisfied. Such is a highly-suitable basis for a
resource allocation service. There will be a need to certify the
quality of the procedures used for contention control, similar in
motive to those used for certificate issuance. This is one example
of Directory providers' Directory service.