
RE: Any more comments on the whois++ SPKI proposalette?



On Sat, 20 Apr 1996, Paul Leach wrote:

> Too fast on the send button.  I meant to say -- it seemed like there
> were a number of people, myself included, who wanted to see the
> requirements doc first. This was also stated explicitly at the WG
> meeting in LA.

I figured that was a first draft :-) My general feeling is that the 
requirements for an SPKI are more or less implied by the name - 
It's gotta be as simple as possible; if the requirements are too 
complicated, then X.509 is indicated. 

A quick cut at making the requirements more explicit

1) The SPKI must be easier to implement than X.509
2) The SPKI certificate format must allow arbitrary fields to be signed for.
3) The SPKI certificate format must allow arbitrary fields to be 
   signed/not-signed. 
4) The SPKI format should allow certain fields to be designated 
   mandatory; the certificate must be rejected if these fields are not 
   supported. (ala v3)
5) The SPKI must define attribute types for embedded public keys;
   pre-defined types should be defined for RSA, DSS, and DH keys 
6) The SPKI should be useable with at least one standards track directory
   protocol. 
7) The SPKI should allow multiple parties to sign a single certificate
8) It should be possible to transfer SPKI certificates through electronic 
   mail, either through the use of a mail safe format or through 
   definition of a new MIME type
9) SPKI signatures should support fixed term validity periods
10) SPKI should support online CRLS
11) SPKI should support offline CRLS

Simon
 ---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO

