[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI Starting Point?

On Tue, 16 Apr 1996, Ben Laurie wrote:

> Have I missed something? None of these proposed formats seem to have any
> provision for key verification. Surely this is a vital (if possibly optional)
> ingredient?

The idea is that the Sig-* fields would be signing everything, including 
any fields that happen to contain keys; or am I misunderstanding what you 
mean by key verification?

I do like the idea of listing which fields are being covered, and it 
doesn't make things much more complicated.

Does an _S_PKI need to support multiple independent signatures? If so, 
should it be done by having all sig info in a single field, or by tagging 
each signature field with an identifier to indicate which signature it 
belongs to (oops - that needs an example)

 Sig-Signer: 1 - mailto:ses@web
 Sig-Algorithm: 1 - RSA_WITH_MD5_IN_THE_LIBRARY
 Sig-Fields: 1 - Name,Validity,Favourity-Drink,Favourite-Empathogen
 Sig-Signature: 1 - aodug314508j0w9j8-a0sdfvsd-j0asdfv7h-981vh095v7g
 Sig-Signer: 2 - http://www.web/~ses/dss-ca-cert.spki
 Sig-Fields: 2 - Name,Validity,SSN
 Sig-Signature: 2 - asdfasdfCECINESTPASUNCHANNELCOVERT345e0s8-ds0


They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO