[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPKI Starting Point?
On Tue, 16 Apr 1996, Ben Laurie wrote:
>
> Have I missed something? None of these proposed formats seem to have any
> provision for key verification. Surely this is a vital (if possibly optional)
> ingredient?
The idea is that the Sig-* fields would be signing everything, including
any fields that happen to contain keys; or am I misunderstanding what you
mean by key verification?
I do like the idea of listing which fields are being covered, and it
doesn't make things much more complicated.
Does an _S_PKI need to support multiple independent signatures? If so,
should it be done by having all sig info in a single field, or by tagging
each signature field with an identifier to indicate which signature it
belongs to (oops - that needs an example)
Sig-Signer: 1 - mailto:ses@web
Sig-Algorithm: 1 - RSA_WITH_MD5_IN_THE_LIBRARY
Sig-Fields: 1 - Name,Validity,Favourity-Drink,Favourite-Empathogen
Sig-Signature: 1 - aodug314508j0w9j8-a0sdfvsd-j0asdfv7h-981vh095v7g
Sig-Signer: 2 - http://www.web/~ses/dss-ca-cert.spki
Sig-Algorithm: 2 - DSS_WITH_SHA_IN_THE_KITCHEN
Sig-Fields: 2 - Name,Validity,SSN
Sig-Signature: 2 - asdfasdfCECINESTPASUNCHANNELCOVERT345e0s8-ds0
Simon
---
They say in online country So which side are you on boys
There is no middle way Which side are you on
You'll either be a Usenet man Which side are you on boys
Or a thug for the CDA Which side are you on?
National Union of Computer Operatives; Hackers, local 37 APL-CPIO
References: