RE: Any more comments ...
On Tue, 23 Apr 1996, Carl Ellison wrote:
> At 11:06 AM 4/23/96 -0700, Simon Spero wrote:
> As I believe I said in an earlier message, this smacks of the bad habit
> which X.509 folks got into of thinking that there is one certificate per
> entity [at least from the point of view of a CA] and therefore everything
> and the kitchen sink was loaded into that certificate. In that world, I
> hear you asking for separate, independent signed things.
Hey - I'm not sure if I'm guilty or not! My intent was not to require one
certificate only per entity; what I'm suggesting merely allows multiple
virtual certificates to co-exist in the same record. The basic idea is to
allow directory/RFC822 style templates to be authenticated, with one of
the allowed attributes being public key materiel. This idea could equally
well be applied to LDAP or even to X.500. The reason for suggesting
whois/RFC822 as the base format is that that is the easiest to parse for
people without ASN.1 or DER toolkits.
I think I'm agreeing with you, but I'm not 100% sure :-)
They say in online country       So which side are you on boys
There is no middle way           Which side are you on
You'll either be a Usenet man    Which side are you on boys
Or a thug for the CDA            Which side are you on?
National Union of Computer Operatives; Hackers, local 37 APL-CPIO