[Gzz-commits] storm/doc/dartboard/pointer_identities--benja i...
From: Benja Fallenstein
Subject: [Gzz-commits] storm/doc/dartboard/pointer_identities--benja i...
Date: Wed, 09 Jul 2003 21:04:39 -0400
CVSROOT: /cvsroot/storm
Module name: storm
Branch:
Changes by: Benja Fallenstein <address@hidden> 03/07/09 21:04:39
Modified files:
doc/dartboard/pointer_identities--benja: idea.rst
Log message:
more
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/storm/storm/doc/dartboard/pointer_identities--benja/idea.rst.diff?tr1=1.2&tr2=1.3&r1=text&r2=text
Patches:
Index: storm/doc/dartboard/pointer_identities--benja/idea.rst
diff -u storm/doc/dartboard/pointer_identities--benja/idea.rst:1.2
storm/doc/dartboard/pointer_identities--benja/idea.rst:1.3
--- storm/doc/dartboard/pointer_identities--benja/idea.rst:1.2 Wed Jul 9
20:45:46 2003
+++ storm/doc/dartboard/pointer_identities--benja/idea.rst Wed Jul 9
21:04:39 2003
@@ -4,7 +4,7 @@
:Author: Benja Fallenstein <address@hidden>
:Created: 2003-07-10
-:Changed: $Date: 2003/07/10 00:45:46 $
+:Changed: $Date: 2003/07/10 01:04:39 $
.. contents::
@@ -176,3 +176,32 @@
Hm. Comments appreciated.)
+A first cut at the problem
+==========================
+
+So, let's examine how the above work out for Storm.
+
+- We cannot use key-based identity for pointers because
+ any private key can get exposed-- that's the motivation
+ for this document.
+- Using axiomatic identity would mean that for every
+ entity signing pointers, we would have to establish
+ out-of-bounds (manually) who they are, *before we can
+ read any documents from them*. Clearly infeasible.
+- So we're left with hierarchical identity, which works
+ for DNS. (Of course, we need a root for the hierarchy;
+ since key-based is out, its identity must be asserted
+ axiomatically, as in DNS.)
+
+A first cut:
+
+- We have a root entity whose public key is specified
+ through out-of-bounds means (e.g., "download from
+ http://himalia.it.jyu.fi/pubkey").
+- The root entity gives names to other entities and
+ signs ``(name,pubkey)`` pairs with its own key.
+- The other entities can do the same.
+- Then, given a path like ``foo/bar/baz``, we can
+ find out who ``foo`` is, according to the root;
+ who ``bar`` is, according to ``foo``; and who
+ ``baz`` is, according to ``foo/bar``.
\ No newline at end of file
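Review bot: The "A first cut" list never says what happens when a signing key in the chain is exposed, although the first bullet of the list above it rejects key-based identity for exactly that reason. As written, the root and every intermediate entity (foo, foo/bar) bind names by signing (name,pubkey) pairs with a private key, so an exposed key at any level can assert new bindings for everything below it; the section should state how a name is re-bound to a new key and how signatures made with the old key stop being accepted. Two smaller points: "out-of-bounds" in the axiomatic-identity bullet and in the root-entity bullet should read "out-of-band", and the example root key location is a plain http:// URL, which by itself does not authenticate the key, so the text should say that the root key or its fingerprint is checked through a separate channel. The file also now ends without a trailing newline.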