30 April 1999
To: cryptography@c2.net
Subject: KeyNote v2 trust management toolkit now available for beta testing
Date: Thu, 29 Apr 1999 22:44:24 -0400
From: Matt Blaze <mab@research.att.com>

We are pleased to announce the beta release of the KeyNote v2 Trust Management Toolkit and Reference Implementation for BSD Unix and Linux. The toolkit was developed by Angelos Keromytis of the University of Pennsylvania.

KeyNote is a small, flexible trust management system designed to be especially suitable for Internet-style applications. KeyNote provides a single, uniform language for specifying security policies and credentials, and can be used as an application policy description language as well as a format for public-key credentials. KeyNote is a joint project of M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis.

KeyNote provides a standard, common mechanism for managing security policy, credentials, access control, and authorization. An application built with KeyNote simply asks the "compliance checker" whether potentially dangerous actions should be allowed according to policy. Policies and credentials are written in a standard language that is shared across applications; the security configuration mechanism for one application carries exactly the same syntactic and semantic structure as that of another, even when the semantics of the applications themselves are quite different.

The KeyNote language and implementation are virtually without intellectual property constraints (as far as we know). We have not patented the KeyNote system or trust management generally (although of course anyone, including us, could invent and patent some specific novel application of trust management based on KeyNote). The KeyNote toolkit is covered under a Berkeley-style open source license and can be freely incorporated (with attribution) into commercial and non-commercial software.

The software is, of course, distributed completely without warranty.
Use it, like everything obtained from the net, completely at your own risk.

This is a Beta release, and we might change the interface, structure, supported platforms, or other aspects of the system when the final version is released. The beta release has been tested under BSD Unix and Linux, but may (or may not) run on other platforms. To build KeyNote with credential signature verification, you'll need a recent release of the SSLeay library.

A full description of the KeyNote language can be found in our Internet Informational RFC (we don't know the number yet), which can be obtained by anonymous ftp from:

   <ftp://ftp.research.att.com/dist/mab/knrfc.txt>

The beta release of the KeyNote toolkit can be downloaded from the KeyNote web page at:

   <http://www.cis.upenn.edu/~angelos/keynote.html>

or by anonymous ftp from:

   <ftp://ftp.research.att.com/dist/mab/keynote-2-beta2.tar.gz>

There is a mailing list for KeyNote users and developers. To subscribe, send an email message to <majordomo@nsa.research.att.com> containing the line:

   subscribe keynote-users

-matt