[e-lang] E language over I2P

Bill Frantz frantz at pwpconsult.com
Sun Mar 2 15:20:43 EST 2008


kpreid at mac.com (Kevin Reid) on Sunday, March 2, 2008 wrote:

>Also, as Bill Frantz said:
>> One could imagine some certificates which said the vatID x on  
>> network a is the same as vatID y on network b. If these  
>> certificates were signed with the private keys which generated the  
>> two vatIDs, this assertion could be believed, although the  
>> resulting system is somewhat more complex.
>
>The way I see this working is that there is One True Vat Identity  
>(key-pair), which is used to sign statements (certificates?) of the  
>equivalence of a given other-transport-identifier.

Yes. It is interesting that this approach is also the correct
approach for a pet name system to use with TLS. In the TLS case we
have an entranched business model, that results in poorer security,
and prevents this use of a certificate chain. (Because CAs will not
issue certificates to keys which can be used to sign other
certificates, an organization can't have a single signing key
certified by a CA and then sign separate machine keys for each of
their servers.)

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier



More information about the e-lang mailing list