SDSI (aka ``Sudsy'' -- Simple Distributed Security Infrastructure)

Rohit Khare (khare@pest.w3.org)
Fri, 26 Apr 96 13:07:36 -0400


Begin forwarded message:

From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Fri, 26 Apr 96 12:42:35 EDT
To: spki@c2.org, ietf-pkix@tandem.com
Subject: SDSI (aka ``Sudsy'' -- Simple Distributed Security Infrastructure)

I have posted at:
http://theory.lcs.mit.edu/~rivest/sdsi.ps
the current draft of a paper that Butler Lampson and I are working on, that
may be of interest to you. (Postscript only)
(There is also a link to this paper from my publications web page...)

SDSI is a proposal for a public-key infrastructure, with an emphasis on
how the infrastructure gets used in ACL's etc. Its main features are:
-- simple S-expression syntax for all objects and messages
-- Principals are public signature verification keys
-- flexible signatures (co-signers, detached signatures, delegation)
-- linked local name spaces, rather than hierarchical name spaces or PGP's web of trust
-- On-line Internet orientation (principals can have servers)
-- ways to define groups of principals
-- clean user-interface for ACL's

The draft still has some gaps and rough spots, but we thought that it was
sufficiently worked out to make it presentable at this stage. Comments
appreciated!

Ron Rivest