SPKI%20/%20SDSI%20Simple%20PKI%20/%20Simple%20Distributed%20Security%20Infrastructure

1
SPKI / SDSISimple PKI / Simple Distributed
Security Infrastructure

• What is SPKI ?
• The Simple PKI is a movement to replace the
  specification to replace the specification for
  X.509 with something simpler. X.509 relied on
  several global structures that made it difficult
  to implement it efficiently.
• One structure that SPKI tries to remove is the
  global name space, a feature intrinsic to X.509
  and PGP.
• What is SDSI ?
• The main feature added by SDSI was the notion
  local name spaces - name spaces that are defined
  relative to a particular key, which can later be
  dereferenced to a key or another SDSI name. Thus
  avoiding the CRLs.

2
How does it work ?

• The main new feature of this PKI is the
  separation of authorization from name definition.
• This eliminates several hairy problems that arise
  with the juxtaposition of authority with naming.
• Since you really only know and control your own
  name space, you can, at will, issue certificates
  that bind subjects to names in your namespace.
• Lets see one simple example, but before this
  lets see the SPKI/SDSI certificate structures.

3
Representation of Certificates in terms of
S-expressions

• (cert
• (issuer
• (name
• (public-key
• (rsa-pkcs1-md5
• (e 25)
• (n K.. )))
• TIFR))
• (subject
• (public-key
• (rsa-pkcs1-md5
• (e 25)
• (n K-tifr.. )))))

• This S-Expression is a Certificate issued by Key
  K to Key K-tifr.
• In-short it can be represented as
• K TIFR -gt K-tifr
• ASN.1 like encoding is avoided.

4
SPKI/SDSI Certificates -

• Name Certs K, A, S, V
• Auth Certs K, S, D, T, V
• Certs as Rewrite rules -
• K A ? S
• K