The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E
RFC 1824 TESS August 1995
User
Any principal (human or machine) who owns, holds and uses a User
key pair and can be uniquely identified by any description (see
the Identity Descriptor below).
In this RFC example users are referred to as A, B, C or Alice and
Bob.
SKIA
SKIA is an acronym for "Secure Key Issuing Authority". The SKIA is
a trusted local authority which generates the public and secret
part of a User key pair. It is the SKIA's duty to verify whether
the identity encoded in the key pair (see below) belongs to the
key holder. It has to check passports, identity cards, driving
licenses etc. to investigate the real world identity of the key
owner. Since every key carries an implicit signature of the SKIA it
came from, the SKIA is responsible for the correctness of the
encoded identity.
Since the SKIA has to check the real identity of users, it is
usually able to work within a small physical range only (like a
campus or a city). Therefore, not all users of a wide area or
world wide area network can get their keys from the same SKIA with
reasonable expense. There is a need for multiple SKIAs which
can work locally. This implies the need for a web of trust levels
and trust forwards. Communication partners with keys from the
same SKIA know the public data of their SKIA because it is part of
their own key. Partners with keys from different SKIAs have to
make use of the web to learn about the origin, the trust level,
and the public key of the SKIA which issued the other key.
Id[A] Identity Descriptor
The Identity Descriptor is a part of the public User key. It is a
structured bitstring of some kind that describes the key owner.
This description of the key owner should be precise enough to
fully identify the owner of a User key. The description depends on
the nature of the owner. For a human this could be the name, the
address, the phone number, date of birth, shoe size, color of the
eyes, or anything else. For a machine this could be the hostname,
the hostid, the internet address, etc.; for a fax machine or a
modem it could be the international phone number.
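The RFC leaves the layout of the Identity Descriptor open ("a
structured bitstring of some kind"). The following Python module is an
added example, not code from RFC 1824 or the TESS implementation: it
fixes one possible layout (a tag-length-value encoding with assumed tag
numbers, sorted by tag so that the same identity always yields the same
bitstring), carries the key-management fields the descriptor may hold
(issuing SKIA name, serial number, expiry date), and parses untrusted
descriptor bytes defensively, rejecting truncated, duplicated or
incomplete descriptors. The sample descriptor for Alice and the SKIA
name are constructed values.

```python
# Added example: a canonical encoder/parser for an Identity Descriptor.
# RFC 1824 only says the descriptor is a structured bitstring; the
# tag-length-value layout, tag numbers and ISO date format below are
# assumptions made for this example, not the RFC's own format.
from __future__ import annotations

import hashlib
import struct
from datetime import date

# Assumed tag numbers for descriptor fields.
TAG_NAME = 1        # human: name; machine: hostname
TAG_ADDRESS = 2     # postal address, internet address, phone number ...
TAG_SKIA = 3        # name of the SKIA that issued the key
TAG_SERIAL = 4      # SKIA-specific serial number
TAG_EXPIRY = 5      # expiry date as ISO-8601 (YYYY-MM-DD)
REQUIRED_TAGS = frozenset({TAG_SKIA, TAG_SERIAL, TAG_EXPIRY})


def encode(fields: dict[int, bytes]) -> bytes:
    """Serialise fields in canonical order: tag (1 byte), length (2 bytes,
    big-endian), value.  Sorting by tag makes the encoding independent of
    the order in which the caller supplied the fields."""
    out = bytearray()
    for tag in sorted(fields):
        value = fields[tag]
        if not 1 <= tag <= 255:
            raise ValueError(f"tag {tag} out of range")
        if len(value) > 0xFFFF:
            raise ValueError(f"field {tag} too long")
        out += struct.pack("!BH", tag, len(value))
        out += value
    return bytes(out)


def decode(blob: bytes) -> dict[int, bytes]:
    """Parse a descriptor, rejecting truncation, duplicate or unordered
    tags, and descriptors that lack the key-management fields."""
    fields: dict[int, bytes] = {}
    pos, last_tag = 0, 0
    while pos < len(blob):
        if pos + 3 > len(blob):
            raise ValueError("truncated field header")
        tag, length = struct.unpack_from("!BH", blob, pos)
        pos += 3
        if tag <= last_tag:
            raise ValueError(f"tag {tag} duplicated or out of order")
        if pos + length > len(blob):
            raise ValueError(f"truncated value for tag {tag}")
        fields[tag] = blob[pos:pos + length]
        pos += length
        last_tag = tag
    missing = REQUIRED_TAGS - set(fields)
    if missing:
        raise ValueError(f"missing required fields {sorted(missing)}")
    return fields


def is_expired(fields: dict[int, bytes], today: date) -> bool:
    """True if the descriptor's expiry date lies before `today`."""
    expiry = date.fromisoformat(fields[TAG_EXPIRY].decode("ascii"))
    return expiry < today


def fingerprint(blob: bytes) -> str:
    """SHA-256 of the canonical encoding: a stable handle for the
    identity (the hash choice is this example's, not the RFC's)."""
    return hashlib.sha256(blob).hexdigest()


# Constructed sample: Alice's descriptor, issued by a hypothetical SKIA.
ALICE_FIELDS = {
    TAG_NAME: b"Alice Example",
    TAG_ADDRESS: b"alice@example.org",
    TAG_SKIA: b"SKIA-Campus-Example",
    TAG_SERIAL: b"000042",
    TAG_EXPIRY: b"1996-08-31",
}
ALICE_ID = encode(ALICE_FIELDS)

if __name__ == "__main__":
    print("Id[A] =", ALICE_ID.hex())
    print("fingerprint:", fingerprint(ALICE_ID))
    print("expired on 1997-01-01?",
          is_expired(decode(ALICE_ID), date(1997, 1, 1)))
```

The canonical ordering matters because in an identity-based scheme the
descriptor bitstring itself is key material: two encodings of the same
identity must be bit-identical, and any byte a parser silently accepts
or drops would let two different descriptors stand for "the same" key
owner. The parser therefore fails closed on anything it cannot account
for instead of guessing.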
Furthermore, the description bitstring could contain key
management data, such as the name of the SKIA (see below) which
issued the key, the SKIA-specific serial number, the expiry date of the
Danisch Informational