[Gzz-commits] storm/doc/dartboard/pointer_identities--benja i...


From: Benja Fallenstein
Subject: [Gzz-commits] storm/doc/dartboard/pointer_identities--benja i...
Date: Wed, 09 Jul 2003 21:04:39 -0400

CVSROOT:        /cvsroot/storm
Module name:    storm
Branch:         
Changes by:     Benja Fallenstein <address@hidden>      03/07/09 21:04:39

Modified files:
        doc/dartboard/pointer_identities--benja: idea.rst 

Log message:
        more

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/storm/storm/doc/dartboard/pointer_identities--benja/idea.rst.diff?tr1=1.2&tr2=1.3&r1=text&r2=text

Patches:
Index: storm/doc/dartboard/pointer_identities--benja/idea.rst
diff -u storm/doc/dartboard/pointer_identities--benja/idea.rst:1.2 
storm/doc/dartboard/pointer_identities--benja/idea.rst:1.3
--- storm/doc/dartboard/pointer_identities--benja/idea.rst:1.2  Wed Jul  9 
20:45:46 2003
+++ storm/doc/dartboard/pointer_identities--benja/idea.rst      Wed Jul  9 
21:04:39 2003
@@ -4,7 +4,7 @@
 
 :Author:  Benja Fallenstein <address@hidden>
 :Created: 2003-07-10
-:Changed: $Date: 2003/07/10 00:45:46 $
+:Changed: $Date: 2003/07/10 01:04:39 $
 
 .. contents::
 
@@ -176,3 +176,32 @@
 Hm. Comments appreciated.)
 
 
+A first cut at the problem
+==========================
+
+So, let's examine how the above work out for Storm.
+
+- We cannot use key-based identity for pointers because
+  any private key can get exposed-- that's the motivation
+  for this document.
+- Using axiomatic identity would mean that for every
+  entity signing pointers, we would have to establish
+  out-of-bounds (manually) who they are, *before we can
+  read any documents from them*. Clearly infeasible.
+- So we're left with hierarchical identity, which works
+  for DNS. (Of course, we need a root for the hierarchy;
+  since key-based is out, its identity must be asserted
+  axiomatically, as in DNS.)
+
+A first cut:
+
+- We have a root entity whose public key is specified
+  through out-of-bounds means (e.g., "download from
+  http://himalia.it.jyu.fi/pubkey";).
+- The root entity gives names to other entities and
+  signs ``(name,pubkey)`` pairs with its own key.
+- The other entities can do the same.
+- Then, given a path like ``foo/bar/baz``, we can
+  find out who ``foo`` is, according to the root;
+  who ``bar`` is, according to ``foo``; and who
+  ``baz`` is, according to ``foo/bar``.
\ No newline at end of file
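
Review bot: the "A first cut:" list does not say what happens when a signing key in the chain is exposed, although the first bullet of this hunk rejects key-based identity precisely because "any private key can get exposed". As written, whoever holds an exposed key of the root or of ``foo`` can sign their own ``(name,pubkey)`` pairs for everything below that point, so the section should state how a parent rebinds a name to a new key and how readers learn that the old binding is no longer valid. For the root, whose identity is asserted axiomatically, it should say what replaces an exposed key. The root key example also uses a plain ``http://`` download, so the text should say how that fetch is authenticated, since every path resolution depends on it. Smaller points: "out-of-bounds" (in the axiomatic-identity bullet and in the root-entity bullet) should read "out-of-band", there is a stray ``;`` after the closing quote of the URL, and the file now ends without a trailing newline.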



