[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SDSI syntax -Reply
I haven't been following the SDSI discussion very closely, but since we haven't yet determined exactly what applications this might be
suitable for, I wouldn't rule out the use of a JPEG photo within a certificate. Digital driver's licenses, passports and INS credentials, digital
credit cards for point of purchase applications, badges, etc., come to mind. Depending on the resolution and color accuracy that might
be desired, a megabyte string might not be out of the question.
>>> <firstname.lastname@example.org > 05/01/96 11:52am >>>
>The canonicalization procedure converts an arbitrary SDSI
>object into an octet string, using a fixed set of rules. (Octet
>strings are represented as length:value, and lists are represented
Are we likely to handle data sizes where length:value will become inconvenient? There is no real problem with a few KB but if we
ended up with blocks of several MB we might have problems. I can't think of any such areas off hand but someone else might.
References to objects should be via hash values so there should be no difficulty.
The main constraint from the systems point of view IMHO is that the canonicalisation step be performable using a simple linear pass
without backtracking. IE we must not introduce any ASN.1 DER type nonsense.
In order to minimize IETF discussion it may be usefull for the paper to draw the canonicalisation rules together in an appendix. I looked
for a section headed canonicalisation but didn't find one. Its odd how one changes mode from reading a paper in academic comment
mode and in IETF mode.