RE: Any more comments on the whois++ SPKI proposalette?
On Sat, 20 Apr 1996, Paul Leach wrote:
> Too fast on the send button. I meant to say -- it seemed like there
> were a number of people, myself included, who wanted to see the
> requirements doc first. This was also stated explicitly at the WG
> meeting in LA.
I figured that was a first draft :-) My general feeling is that the
requirements for an SPKI are more or less implied by the name -
It's gotta be as simple as possible; if the requirements are too
complicated, then X.509 is indicated.
A quick cut at making the requirements more explicit:
1) The SPKI must be easier to implement than X.509
2) The SPKI certificate format must allow arbitrary fields to be signed for.
3) The SPKI certificate format must allow arbitrary fields to be
signed/not-signed.
4) The SPKI format should allow certain fields to be designated
mandatory; the certificate must be rejected if these fields are not
supported. (ala v3)
5) The SPKI must define attribute types for embedded public keys;
pre-defined types should be defined for RSA, DSS, and DH keys
6) The SPKI should be useable with at least one standards track directory
protocol.
7) The SPKI should allow multiple parties to sign a single certificate
8) It should be possible to transfer SPKI certificates through electronic
mail, either through the use of a mail-safe format or through
definition of a new MIME type
9) SPKI signatures should support fixed term validity periods
10) SPKI should support online CRLs
11) SPKI should support offline CRLs
Simon
---
They say in online country So which side are you on boys
There is no middle way Which side are you on
You'll either be a Usenet man Which side are you on boys
Or a thug for the CDA Which side are you on?
National Union of Computer Operatives; Hackers, local 37 APL-CPIO