

The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E






RFC 1824                          TESS                       August 1995


   User

      Any principal (human or machine) who owns, holds and uses a User
      key pair and can be uniquely identified by any description (see
      the Identity Descriptor below).

      In this RFC, example users are referred to as A, B, C, or Alice and
      Bob.

   SKIA

      SKIA is an acronym for "Secure Key Issuing Authority". The SKIA is
      a trusted local authority which generates the public and secret
      part of a User key pair. It is the SKIA's duty to verify whether
      the identity encoded in the key pair (see below) belongs to the
      key holder.  It has to check passports, identity cards, driving
      licenses etc. to investigate the real world identity of the key
      owner.  Since every key carries an implicit signature of the SKIA it
      came from, the SKIA is responsible for the correctness of the
      encoded identity.

      Since the SKIA has to check the real identity of users, it is
      usually able to work within a small physical range only (like a
      campus or a city).  Therefore, not all users of a wide area or
      world wide area network can get their keys from the same SKIA with
      reasonable expense.  There is a need for multiple SKIAs which can
      work locally.  This implies the need for a web of trust levels and
      trust forwards.  Communication partners with keys from the
      same SKIA know the public data of their SKIA because it is part of
      their own key.  Partners with keys from different SKIAs have to
      make use of the web to learn about the origin, the trust level,
      and the public key of the SKIA which issued the other key.

   Id[A] Identity Descriptor

      The Identity Descriptor is a part of the public User key.  It is a
      structured bitstring that describes the key owner in a certain
      way.  This description of the key owner should be precise enough to
      fully identify the owner of a User key. The description depends on
      the nature of the owner. For a human this could be the name, the
      address, the phone number, date of birth, size of the feet, color
      of the eyes, or anything else. For a machine this could be the
      hostname, the hostid, the internet address etc., for a fax machine
      or a modem it could be the international phone number.

      Furthermore, the description bitstring could contain key
      management data such as the name of the SKIA (see below) which
      issued the key, the SKIA-specific serial number, the expiry date of the



Danisch                      Informational