PKI creed (was Re: Trustworthy contacts)

Carl Ellison ukcrypto at maillist.ox.ac.uk
16 Sep 2000 08:44:40 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 05:58 PM 9/14/00 +0100, Brian Gladman wrote:
>As you say, it certainly introduces the naming problem and here it is
>somewhat ironic that we should now be discussing hierarchy since the lack of
>effective mechanisms for handling real world naming issues is partly the
>result of standards designed to cope only with a world in which names are
>unique because they can always be identified by a unique path in a
>hierarchical directory structure.  At the time it might have been hard to do
>anything different but now that we know better it seems even harder to
>change the direction in which this particular juggernaut is travelling.
>
>Despite SDSI and approaches that build on relationships between local
>namespaces - which offer a closer match to the real world - most systems
>designers still seem to be locked into a hierarcical world, being content to
>leave end users to fall into the nasty traps that this can spring on them.
>:-(

The problem with hierarchical name construction (a la X.500) is that humans 
don't look at the whole constructed name.  They look at the part they 
recognize (or the part of that that they think is important).

The constructed name may be guaranteed unique and therefore a valid 
identifier, but that doesn't mean that when readers of the name extract the 
part they like, that part is unique and an identifier.

If you want to guarantee that, my suggestion is that you construct the name 
(e.g., X.500 DN from some single naming root) -- and then do the SHA-1 hash 
of it and BASE64 encode it -- and use that encoded hash instead of the 
original name.  Now, no reader/user of the name is able to look at a 
sub-part and believe he/she knows what the name refers to.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBOcOVZ3PxfjyW5ytxEQLdHwCgvHne7Pn5n87kRSEFO4Uzis5RCykAnjez
v5vfmKTWlgF03OXPRG2maYWx
=IeDu
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         cme@acm.org     http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+