cman@communities.com (Douglas Barnes) writes:

If anyone still has the flyer from the Crypto '95 rump session, there was a guy there talking about ANSI standards, and one of the things he mentioned in his talk was work they were doing on "key attributes." I spoke with him afterwards, and we had a lively discussion about this matter; especially with regard to the relationship between key certification and key attributes. I argued that certification is just another kind of attribute, while he is fairly hung up on certificate hierarchies, etc.

Did he perchance work for some US Federal Agency such as NIS&T? Or a large corporation? My small PGP key was created at the National Computer Security Conference in 1992. About half the attendees were NSA, and lots more were from assorted defense and civilian agancies. During the free time, I talked to a bunch of them about Phil's web of trust. I had a really hard time understanding with where they were comming from, and they had no clue as to why I thought hierarchical CA chains are so bad. I didn't convince anyone. But I have come to understand that if you spend your entire working life in a job that is structured from the President on down a heirarchy, you can't imagine any other organizational structure. This includes the obvious LEAs such as FBI, ATF, all the Defense folks and sppoks like CIA, DIA, NSA, and the standards "setting" folks out at NIS&T. Pat Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include <standard.disclaimer>