libspki (informal announce)

Niels Möller nisse@lysator.liu.se
11 Mar 2003 10:50:10 +0100


This is the first informal announcement of libspki. SPKI, the Simple
Public Key Infrastructure, is a sane way of using certificates. The
original design is by Carl Ellison and Ron Rivest. The emphasis, at
least from my point of view, is on association of authorization to
keys (in contrast to X.509, which tries to bind X.500 names to keys),
and on delegation of some or all of one's authorization. For some
background, read RFC 2693.

I think the primary applications where SPKI would be useful are in
authentication (like public key ssh login, as well as host
authentication), access control for various network servers, perhaps
also peer-to-peer servers, etc.

I've been working on an SPKI library from time to time since November
last year. As the name promises, it *is* pretty simple. I have the
most important features in place and it's still less than 7000 lines.
For an example of what the objects look like, see the delegation
testcase, <URL:
http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/lsh/src/spki/testsuite/delegate-test?rev=HEAD&cvsroot=lsh&content-type=text/vnd.viewcvs-markup>

The purpose of this announcement is to find out if there are any other
people in the community who are interested in SPKI. I'm not in
desperate need of coding help, but I could really use feedback on the
code and functionality: If the interfaces are reasonable or need
generalization, which of the missing features are important, how to
organize the directory of SPKI-related information, which parts are in
the most need of documentation, etc.

To me, SPKI seems like the obvious way to go whenever one needs public
keys, and has the luxury of not having to be backwards compatible
with X.509. (Actually, SPKI is designed so that it *can* interoperate
with alien PKI stuff, such as X.509, but I'm not going to write that
code any time soon).

There's no polished distribution, so the easiest way to try out
libspki is to pull the latest lsh from cvs.

For further pointers and instructions, see <URL:
http://www.lysator.liu.se/~nisse/libspki>.

Please let me know what you think about it.

Happy hacking,
/Niels