30 April 1999


To: cryptography@c2.net
Subject: KeyNote v2 trust management toolkit now available for beta testing
Date: Thu, 29 Apr 1999 22:44:24 -0400
From: Matt Blaze <mab@research.att.com>


We are pleased to announce the beta release of the KeyNote v2 Trust
Management Toolkit and Reference Implementation for BSD Unix and
Linux.  The toolkit was developed by Angelos Keromytis of the
University of Pennsylvania.

KeyNote is a small, flexible trust management system designed to be
especially suitable for Internet-style applications.  KeyNote provides
a single, uniform language for specifying security policies and
credentials, and can be used as an application policy description
language as well as as a format for public-key credentials.  KeyNote
is a joint project of M. Blaze, J. Feigenbaum, J. Ioannidis, and
A. Keromytis.

KeyNote provides a standard, common mechanism for managing security
policy, credentials, access control, and authorization.  An
application built with KeyNote simply asks the "compliance checker"
whether potentially dangerous actions should be allowed according to
policy.  Policies and credentials are written in a standard language
that is shared across applications; the security configuration
mechanism for one application carries exactly the same syntactic and
semantic structure as that of another, even when the semantics of the
applications themselves are quite different.

The KeyNote language and implementation are virtually without
intellectual property constraints (as far as we know).  We have not
patented the KeyNote system or trust management generally (although of
course anyone, including us, could invent and patent some specific
novel application of trust management based on KeyNote).  The KeyNote
toolkit is covered under a Berkeley-style open source license and can
be freely incorporated (with attribution) into commercial and
non-commercial software.  The software is, of course, distributed
completely without warrantee.  Use it, like everything obtained from
the net, completely at your own risk.

This is a Beta release, and we might change the interface, structure,
supported platforms, or other aspects of the system when the final
version is released.  The beta release has been tested under BSD Unix
and Linux, but may (or may not) run on other platforms.  To build
KeyNote with credential signature verification, you'll need a recent
release of the SSLeay library.

A full description of the KeyNote language can be found in our
Internet Informational RFC (we don't know the number yet), which can
be obtained by anonymous ftp from:

        <ftp://ftp.research.att.com/dist/mab/knrfc.txt>

The beta release of the KeyNote toolkit can be downloaded from the
KeyNote web page at:

        <http://www.cis.upenn.edu/~angelos/keynote.html>

or by anonymous ftp from:

        <ftp://ftp.research.att.com/dist/mab/keynote-2-beta2.tar.gz>

There is a mailing list for KeyNote users and developers.  To
subscribe, send an email message to <majordomo@nsa.research.att.com>
containing the line:
        subscribe keynote-users

-matt