Date: Thu, 5 Oct 1995 12:24:34 -0700 From: Hal <hfinney@shell.portal.com>

I don't understand this whole discussion. A certificate is a signed binding of a key and a unique name, right?

It depends on how you define certificate. If you define it this way, then I'm proposing the elimination of certificates (because I'm eliminating the unique name as something different from a key). If you define certificate as I do -- as a bound statement of some attribute of a key, then it should become clearer. It's just that the attribute I'm binding is not some unique person-name -- rather something like permission to spend money from a bank account.

I'd like to see some grounding of this discussion in terms of the role of certificates, and ways to prevent man in the middle attacks. I certainly have no love for facist worldwide ID cards and hierarchical, organization based naming schemes, but just using any old key because it seems to work OK most of the time isn't going to fly IMO.

The rest should be more clear if you read the rest of the backlog.... - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme@tis.com http://www.clark.net/pub/cme | |Trusted Information Systems, Inc. http://www.tis.com/ | |3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2| |Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 | +--------------------------------------------------------------------------+