Cryptography and Information Security Group Research Project:
A Simple Distributed Security Infrastructure (SDSI)

SDSI is a new design for a public-key infrastructure, designed by Professors Ronald L. Rivest and Butler Lampson of MIT's Laboratory for Computer Science, members of LCS's Cryptography and Information Security research group.

SDSI research at MIT is supported by DARPA contract DABT63-96-C-0018, "Security for Distributed Computer Systems", and by NASA.

SDSI Status

SDSI 1.0

SDSI 1.0 has been designed (see references below). A prototype implementation by Matt Fredette and Gillian Elcock is underway. An initial version of a SDSI server is operational. The user interface has been designed and a protoype has been implemented, which is described in the thesis A Web-Based User Interface for SDSI. Another SDSI 1.0 implementation by Wei Dai has been almost entirely completed.

SDSI 1.1

A redesign of SDSI, to yield SDSI version 1.1 is underway. The documentation (see references below) lags behind the actual design work considerably; stay tuned for more details... The goals are to simplify the design still further, and to merge the design with Carl Ellison's SPKI work.

SDSI 2.0

This design represents the merger of SDSI and SPKI. It has a unified treatment of certificates, a coherent treatment of names (both for individuals and for groups), an algebra of "tags" for describing permissions and attributes, and a flexible means of denoting cryptographic keys.

A SDSI/SPKI 2.0 software distribution, including crypto code, is now openly available. The current release is 0.4.5. Click here for the distribution form.

Problems with the above link? Send me mail.

The Java implementation of SDSI/SPKI 2.0 is now available online.

References and Documentation

There is an archive of the SPKI/SDSI mailing group discussions here.

[Version 1.0]

[Version 1.1]

[Version 2.0]

Back to CIS Home Page