
SPKI Starting Point?

Taking the idea of SPKI as whois++/rfc822 a step further, here is a 
bare-bones (unstuffed?) straw-man with the basic additional fields.

Sig-Algorithm: 		<name of algorithm being used, eg. RSAwithMD5>
Sig-NotBefore:		<Date>
Sig-NotAfter:		<Date>
Sig-Signer:		<URI identifying signing key>
Sig-Signature:		<base64 encoding of the result of applying 
			 Sig-Algorithm to all fields in this template, 
			 with all multi-line values treated as if the 
			 value were encoded on a single line, and with 
			 all trailing white-space removed>

[Sig-Signer just identifies the key; if the URI is a URL, and that URL 
resolves to a well formatted SPKI template containing a public key, that 
key should be the one that was used to sign this template. Alternately, 
there could be transformation rules used to automatically generate a URL 
from the URI for both CRL and Key]

 Additional attribute for templates carrying public keys:
	Public-Key:	<type> ";" <base64 encoding of pkcs-1 encoding of key>
	RSA-PublicKey-Modulus: <base64 encoding of modulus>
	RSA-PublicKey-Exponent: <base64 encoding of exponent>

	RSA-PublicKey-Modulus: text encoding of decimal val of modulus
	RSA-PublicKey-Exponent: text encoding of decimal value of exponent

They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO
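
The canonicalisation rule given for Sig-Signature in the message above, as an added example that is not part of the original post: it builds the bytes a signer and a verifier would both feed to Sig-Algorithm, so that folding and trailing white-space do not change the result. Assumptions not stated in the post: the Sig-Signature field itself is left out of the signed bytes, continuation lines are joined with a single space, the separator is normalised to ": ", and all sample values are constructed placeholders.

```python
SIG_FIELD = "sig-signature"   # assumed to be excluded from the signed bytes

# Constructed sample templates; every value is a placeholder, not real key material.
FOLDED = (
    "Sig-Algorithm:\tRSAwithMD5   \n"
    "Sig-NotBefore:\t1996-03-01\n"
    "Sig-NotAfter:\t1997-03-01\n"
    "Sig-Signer:\thttp://keys.example/signer\n"
    "RSA-PublicKey-Modulus: AAAA\n"
    "\t\tBBBB  \n"
    "RSA-PublicKey-Exponent: AQAB\n"
    "Sig-Signature: Q09OU1RSVUNURUQ=\n"
)
UNFOLDED = FOLDED.replace("AAAA\n\t\tBBBB  \n", "AAAA BBBB\n")


def parse_template(text):
    """Return [(name, value)] with multi-line values unfolded onto one line."""
    fields = []
    for raw in text.splitlines():
        line = raw.rstrip()                  # "all trailing white-space removed"
        if not line:
            continue                         # blank lines carry no field data
        if raw[0] in " \t":                  # continuation of the previous value
            if not fields:
                raise ValueError("continuation line before any field")
            name, value = fields[-1]
            fields[-1] = (name, (value + " " + line.lstrip()).strip())
        else:
            name, sep, value = line.partition(":")
            if not sep or not name.strip():
                raise ValueError("not a field line: %r" % raw)
            fields.append((name.strip(), value.strip()))
    return fields


def canonical_bytes(text):
    """Bytes to sign or verify: one 'Name: value' line per field, in order."""
    lines = [("%s: %s" % (n, v)).rstrip()
             for n, v in parse_template(text) if n.lower() != SIG_FIELD]
    return "\n".join(lines).encode("ascii") + b"\n"


if __name__ == "__main__":
    print(canonical_bytes(FOLDED).decode("ascii"), end="")
```

A verifier that unfolds or trims differently from the signer will reject valid templates, so both sides need the same rule written down exactly.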