The official version of the RFC describing "The KeyNote Trust Management System, Version 2" has been published as RFC 2704. This document provides the complete, official description of the KeyNote language syntax and semantics as well as a basic discussion of the architectural implications of integrating KeyNote into applications.

KeyNote is a flexible "trust management" language that provides a unified approach to specifying and interpreting security policies, credentials, and relationships, giving applications a simple mechanism for determining whether potentially "dangerous" actions requested by users or over networks should be performed. KeyNote-based applications use a standard language for their security policies and credentials that provides a very simple and powerful mechanism for distributing policy control and delegating authority. Because local policies and distributed credentials are written in the same language, it is very easy to maintain a consistent approach to security policy as applications "scale up" from local to distributed.

KeyNote is being used in a wide range of applications, including electronic commerce, control of IPSEC tunnels, and digital rights management. KeyNote is unpatented, and we have a free, open-source toolkit available for application developers.

The KeyNote RFC can be downloaded via anonymous FTP from the official RFC directory (and, in the next few days, from the usual mirror sites):

ftp://ftp.isi.edu/in-notes/rfc2704.txt

I've also made a copy available on my web site, which seems to have better performance than ftp.isi.edu given the load on the latter:

http://www.crypto.com/papers/rfc2704.txt

Also, the official (non-beta) release of the KeyNote Trust Management open source reference implementation and toolkit will be available in the next couple of days; watch this space for an announcement.

-matt