
Re: comments on client auth



Peter,

        I'm glad to see you discount X.509 and ASN.1 as mere data formats which can be avoided at will. :)

        [I couldn't resist the dig, but back to serious issues....]

        X.509 is general -- more general than PGP (which is inadequate) -- but the generality it inherits from ASN.1 is one of ASN.1's vices.  (You've doubtless seen my paper on that -- and we'll probably never agree.)


        X.509v1 could be just (name,key).  However, we've identified  (attribute,key,validity) as the minimal cert.

        Of course, we could use marvelous ASN.1 and X.509's generality to add the attribute field (what I call Meaning or Authority) -- and much of this thinking was taken from actual uses of X.509 certs -- but it is a Very Good Thing to limit certificates to required fields and only a few -- and to limit the definition of the cert to less than one page of C (or PASCAL) structures.

 - Carl
Message-Id: <2.2.32.19960614160445.00806a3c@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 14 Jun 1996 12:04:45 -0400
To: peter@VeriSign.com
From: Carl Ellison <cme@cybercash.com>
Subject: Re: comments on client auth
Cc: "Brian M. Thomas" <bt0008@entropy.sbc.com>, spki@c2.org,
        michael@VeriSign.com
Sender: owner-spki@c2.org
Precedence: bulk


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+
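
The (attribute,key,validity) form described in the message above, sketched as C structures with an authorization check. This is an added illustration, not part of the original message and not the SPKI draft's definition; the field sizes, the `min_cert` and `cert_check` names, the key fingerprint and the sample values are all assumptions, and the issuer's signature is assumed to be verified separately.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

#define KEY_ID_LEN 16   /* assumption: subject key identified by a 16-byte fingerprint */
#define ATTR_MAX   64   /* assumption: attribute is a short NUL-terminated string */

/* Minimal certificate: (attribute, key, validity). There is no subject name. */
typedef struct {
    char    attribute[ATTR_MAX];  /* the meaning/authority granted to the key */
    uint8_t key_id[KEY_ID_LEN];   /* which key the grant applies to */
    time_t  not_before;           /* validity window, inclusive at both ends */
    time_t  not_after;
} min_cert;

typedef enum { CERT_OK = 0, CERT_MALFORMED, CERT_WRONG_KEY, CERT_WRONG_ATTR,
               CERT_NOT_YET_VALID, CERT_EXPIRED } cert_result;

/* Compare fingerprints without an early exit on the first differing byte. */
static int key_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_ID_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Does this cert authorize `key_id` for `attr` at time `now`? */
cert_result cert_check(const min_cert *c, const uint8_t *key_id,
                       const char *attr, time_t now) {
    if (!c || !key_id || !attr) return CERT_MALFORMED;
    /* Reject an unterminated attribute before any string comparison. */
    if (memchr(c->attribute, '\0', ATTR_MAX) == NULL) return CERT_MALFORMED;
    if (c->not_before > c->not_after) return CERT_MALFORMED;
    if (!key_equal(c->key_id, key_id)) return CERT_WRONG_KEY;
    if (strcmp(c->attribute, attr) != 0) return CERT_WRONG_ATTR;
    if (now < c->not_before) return CERT_NOT_YET_VALID;
    if (now > c->not_after) return CERT_EXPIRED;
    return CERT_OK;
}

/* Constructed sample certificate; every value here is made up. */
min_cert sample_cert(void) {
    min_cert c;
    memset(&c, 0, sizeof c);
    strcpy(c.attribute, "spend:account-42");
    memset(c.key_id, 0xA5, KEY_ID_LEN);
    c.not_before = 834710400;   /* constructed window start */
    c.not_after  = 866246400;   /* constructed window end, 365 days later */
    return c;
}
```

The decision is made from the key and the attribute alone; no name is looked up or mapped to a permission along the way.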