At 10:04 AM 10/9/95 EDT, Carl Ellison <cme@TIS.COM> wrote:
>> I don't understand this whole discussion. A certificate is a signed binding of a key and a unique name, right?
>
> It depends on how you define certificate. If you define it this way, then I'm proposing the elimination of certificates (because I'm eliminating the unique name as something different from a key).
>
> If you define certificate as I do -- as a bound statement of some attribute of a key, then it should become clearer. It's just that the attribute I'm binding is not some unique person-name -- rather something like permission to spend money from a bank account.
This doesn't necessarily eliminate certificates - while you have a signed statement from Alice's key that she uses Bank Account X, and a signed statement from Alice's key authorizing transfer of $D from Bank Account X to Bank Account Y, the Bank, or a customer, may refuse to accept the request unless there's a signed statement from the Bank's key that Alice's key uses Account X. None of these need Alice's name, or for that matter the Bank's, as long as there's also a signed attribute statement from the Bank's key that it's a bank, etc. The meaning of the certificates changes a bit, but there's still a certificate from the bank binding Alice's Key to Alice's Bank Account.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
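The check described in the message above, as an added example that is not part of the original post: a transfer order is accepted only when the bank's key has signed a statement that the order's signing key uses the debited account, and no name appears anywhere. Ed25519, the statement encodings, the account ids and all function names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Signed is a statement plus the key that signed it. No person or bank name appears.
type Signed struct {
	Issuer ed25519.PublicKey
	Body   []byte
	Sig    []byte
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; error ignored in this demo
	return pub, priv
}

func sign(priv ed25519.PrivateKey, body string) Signed {
	return Signed{priv.Public().(ed25519.PublicKey), []byte(body), ed25519.Sign(priv, []byte(body))}
}

func (s Signed) valid() bool {
	return len(s.Issuer) == ed25519.PublicKeySize && ed25519.Verify(s.Issuer, s.Body, s.Sig)
}

// Constructed statement encodings (assumptions); %q keeps account ids unambiguous.
func certBody(holder ed25519.PublicKey, acct string) string {
	return fmt.Sprintf("key-uses-account|%x|%q", holder, acct)
}
func orderBody(from, to string, amount int) string {
	return fmt.Sprintf("transfer|%q|%q|%d", from, to, amount)
}

// Authorize accepts the order only if the bank's key vouches that the order's signing key uses `from`.
func Authorize(bank ed25519.PublicKey, cert, order Signed, from, to string, amount int) bool {
	return bytes.Equal(cert.Issuer, bank) && cert.valid() && order.valid() &&
		string(cert.Body) == certBody(order.Issuer, from) &&
		string(order.Body) == orderBody(from, to, amount)
}

func main() {
	bankPub, bank := newKey()
	alicePub, alice := newKey()
	cert, order := sign(bank, certBody(alicePub, "X")), sign(alice, orderBody("X", "Y", 100))
	fmt.Println("authorized:", Authorize(bankPub, cert, order, "X", "Y", 100))
}
```

The verifier's only trust anchor is the bank's public key; a statement that the bank's key "is a bank" would be one more `Signed` value checked the same way against whatever key the verifier trusts for that attribute.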