Server-to-server channel
Vinay Gupta
hexayurt at gmail.com
Wed Apr 4 18:44:18 UTC 2007
On Apr 4, 2007, at 6:13 PM, Douglas Otis wrote:
> This may seem to be off topic, but I really don't see reluctance in
> using public key cryptography. DKIM would be one such example.
> Nearly every gateway, and access point can utilize this means of
> authentication. Think of this as yet another means to control an
> account without relying upon OpenID. OpenID opens the door, where
> you then hand them your public key.
>
> One might also wish to specifically define attributes containing
> public keys used by the identity. This would be information uploaded
> by the individual after creating their id_rsa.pub key information
> using either system tools or specialized applications. This would
> provide an alternative access method that would not rely upon OpenID
> exchanges. Here again, an expiry might prove handy, and so would a
> means to revoke the key. Perhaps this would be done by overlaying
> it. There could be keys used to authorize some other automated
> service, or to act as a replacement for OpenID once the key has been
> established. One might be defined for email, IM, VoIP, etc.

It's not the public key management in a scheme like this that
concerns me...

Two issues: private key management - are the keys scattered, like
your VOIP key lives in Gizmo, and your SSH key lives in your .ssh,
and so on? Or do we by logical extension begin to impose some order
here and have one key pair per person... you see where this goes, right?

Secondly X509 certificates are very, very broken in terms of
delegation semantics and certification semantics (at least in many
people's eyes, mine included.)

So.. SPKI?

(yes, I've been over this territory.... and that's pretty much what
I'm doing here.)

Vinay
--
Vinay Gupta - Designer, Hexayurt Project - an excellent public domain
refugee shelter system
Gizmo Project VOIP: 775-743-1851 (usually works!) Cell: Iceland (+354) 869-4605
http://howtolivewiki.com/hexayurt - old
http://appropedia.org/Hexayurt_Project - new
Skype/Gizmo/Gtalk: hexayurt
I have a proof which unfortunately this signature is too short
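
The quoted message proposes per-service public-key attributes with an expiry and revocation "by overlaying". The following is an added sketch of that idea, not code from the thread or from any OpenID specification. The class names and purpose labels are hypothetical, the key strings are constructed placeholders, and the rule that an expired or revoked overlay never falls back to an older key is an assumption.

```python
from datetime import datetime, timedelta
from typing import Optional
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyRecord:
    purpose: str                 # hypothetical labels: "ssh", "voip", "email", ...
    public_key: Optional[str]    # None marks a revoking overlay
    published: datetime
    expires: Optional[datetime]  # None means no expiry was declared


class KeyAttributes:
    """Append-only key attributes for one identity; newest record per purpose wins."""

    def __init__(self):
        self._records = []

    def publish(self, purpose, public_key, now, lifetime=None):
        expires = now + lifetime if lifetime is not None else None
        self._records.append(KeyRecord(purpose, public_key, now, expires))

    def revoke(self, purpose, now):
        # Revocation is an overlay carrying no key, so history stays auditable.
        self._records.append(KeyRecord(purpose, None, now, None))

    def current_key(self, purpose, now):
        """Return the key a relying party should accept at `now`, else None."""
        visible = [(r.published, i, r) for i, r in enumerate(self._records)
                   if r.purpose == purpose and r.published <= now]
        if not visible:
            return None
        latest = max(visible, key=lambda v: v[:2])[2]  # ties: later append wins
        if latest.public_key is None:
            return None          # revoked by overlay
        if latest.expires is not None and now >= latest.expires:
            return None          # assumption: fail closed, no fallback to older key
        return latest.public_key


def build_sample(t0):
    """Constructed sample: a rotated SSH key and a revoked VoIP key."""
    attrs = KeyAttributes()
    attrs.publish("ssh", "constructed-ssh-key-1", t0, timedelta(days=90))
    attrs.publish("voip", "constructed-voip-key-1", t0)
    attrs.revoke("voip", t0 + timedelta(days=10))
    attrs.publish("ssh", "constructed-ssh-key-2", t0 + timedelta(days=30), timedelta(days=90))
    return attrs
```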