Mab@Research.Att.Com posted:
A number of people have been asking me about some work I've been doing (with Joan Feigenbaum and Jack Lacy) on alternatives to traditional (X.509, PGP, etc.) identity-based certificates. We've just finished up our paper on the concept, "Decentralized Trust Management", to appear at the Oakland Security Conference in May.
A PostScript pre-print is available in ftp://research.att.com/dist/mab/policymaker.ps
I D/Led this file last night & printed it out. I was a little suspicious at first because you'd think if AT&T really wanted people to read (instead of just wanting to say they published it) they'd put it on the web in http and not use obscure printer codes. But after I read it my suspicious nature was confirmed. Behind all the obscure printer codes and fancy language, it is obvious to anyone with half a brain that this is just a move by AT&T to put itself on top of the internet certificate hierarchy where your're locked in to using AT&T software and internet service (just like RSA and Netscape). You have to license AT&T code to use it and you need an AT&T approved policy attribute or something in order to make it work. Ask yourself why they'd publish this otherwise. Hint: youre safer trusting university research than corporate research-marketing. PGP is good enuf for me.
-matt
[NB: I no longer read the cypherpunks list with any regularity, so please cc me directly on any comments or discussion. Thanks.]
Uh huhhhhhh. Blaze and AT&T are no friends of the cypherpunks and no longer even condesend to pretend as much. Don't even ask me about their motives for supporting the Leahy key escrow bill.