RE: Any more comments ...

On Tue, 23 Apr 1996, Carl Ellison wrote:

> At 11:06 AM 4/23/96 -0700, Simon Spero wrote:
> As I believe I said in an earlier message, this smacks of the bad habit
> which X.509 folks got into of thinking that there is one certificate per
> entity [at least from the point of view of a CA] and therefore everything
> and the kitchen sink was loaded into that certificate.  In that world, I
> hear you asking for separate, independent signed things.

Hey - I'm not sure if I'm guilty or not! My intent was not to require one 
certificate only per entity; what I'm suggesting merely allows multiple 
virtual certificates to co-exist in the same record. The basic idea is to 
allow directory/RFC822 style templates to be authenticated, with one of 
the allowed attributes being public key materiel. This idea could equally 
well be applied to LDAP or even to X.500. The reason for suggesting 
whois/RFC822 as the base format is that that is the easiest to parse for 
people without ASN.1 or DER toolkits.

I think I'm agreeing with you, but I'm not 100% sure :-)


They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO