
Re: Thoughts on the draft





>To be sure I understand: You are thinking of a multiple-signature cert
>like this:
>
>((Certificate-data)(Sig 1)(Sig 2)(Sig 3)...(Sig n))  where each Sig 
>applies only to the (Certificate-data), not any of the other Sigs.  

This is correct.

>This seems to build an odd relationship between the signers -- 
>suppose Sig 2 decides that the certificate is no longer valid.  What 
>does that mean as far as the other signers are concerned?

Probably nothing. Sig2 has his own expiration/validation bunch of
attributes in his signature, so his invalidation of his own signature
on the certificate would not affect the others. Essentially, having
N signatures on a certificate is like having N certificates with the
same body but different signatures/issuers. So, whereas now you'd use:

BEGIN
ISSUER: user1
SUBJECT: 1, 12345
ACCOUNT: 09876
VALIDATION: something
EXPIRATION: somethingelse
SIGNATURE: signaturehere
END

BEGIN
ISSUER: user2
SUBJECT: 1, 12345
ACCOUNT: 09876
VALIDATION: yetsomethingelse
EXPIRATION: youguessedit
SIGNATURE: anothersignature
END

, my idea is to use:

BEGIN
SUBJECT: 1, 12345
ACCOUNT: 09876
SIGNATURE1: ISSUER: user1 VALIDATION: something
            EXPIRATION: somethingelse SIGNATURE: signaturehere
SIGNATURE2: ISSUER: user2 VALIDATION: yetsomethingelse
            EXPIRATION: youguessedit SIGNATURE: anothersignature
END

So the SIGNATURE thingies can be used as detachable
signatures as well and there's no replication of information. And of
course one might elect not to send out all the signatures on his
certificate for various reasons (don't want a bank to see if another
one has signed this certificate).

Notice that this is a bit different from what I had in mind so far:
it's probably not a good idea after all to have attributes which do
not directly apply to oneself signed by one's key, simply because it
might be possible for someone else to build a valid chain of
certificates based simply on these "I don't care about the other
attributes" signatures.
-Angelos

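The equivalence described in the message above (N signatures on one body behaving like N single-issuer certificates, each with its own expiration, and signatures that can be withheld), as an added example that is not part of the original message. It assumes each signer signs the shared body plus only its own ISSUER/VALIDATION/EXPIRATION attributes, and it uses HMAC with constructed per-issuer keys as a stand-in for real public-key signatures; all function names, keys and dates are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data. HMAC with a per-issuer key stands in for a real
# public-key signature so the example runs with the standard library only.
KEYS = {"user1": b"constructed-key-1", "user2": b"constructed-key-2"}
BODY = {"SUBJECT": "1, 12345", "ACCOUNT": "09876"}


def signed_bytes(body, issuer, validation, expiration):
    # Assumption: a signer signs the shared body plus only its own attributes,
    # i.e. exactly what the equivalent single-issuer certificate would contain.
    fields = [("ISSUER", issuer), *sorted(body.items()),
              ("VALIDATION", validation), ("EXPIRATION", expiration)]
    return "\n".join(f"{k}: {v}" for k, v in fields).encode()


def sign(body, issuer, validation, expiration):
    data = signed_bytes(body, issuer, validation, expiration)
    mac = hmac.new(KEYS[issuer], data, hashlib.sha256).hexdigest()
    return {"ISSUER": issuer, "VALIDATION": validation,
            "EXPIRATION": expiration, "SIGNATURE": mac}


def expand(cert):
    """Split a multi-signature certificate into N single-issuer certificates."""
    return [{**cert["body"], **sig} for sig in cert["signatures"]]


def valid_issuers(cert, today):
    """Return issuers whose own signature verifies and has not expired."""
    ok = []
    for sig in cert["signatures"]:
        if sig["ISSUER"] not in KEYS:
            continue  # unknown issuer: cannot verify, so do not count it
        expected = sign(cert["body"], sig["ISSUER"], sig["VALIDATION"],
                        sig["EXPIRATION"])["SIGNATURE"]
        # ISO dates compare correctly as strings.
        if (hmac.compare_digest(expected, sig["SIGNATURE"])
                and today <= sig["EXPIRATION"]):
            ok.append(sig["ISSUER"])
    return ok


CERT = {"body": BODY, "signatures": [
    sign(BODY, "user1", "online-check", "1997-01-01"),
    sign(BODY, "user2", "crl", "1996-10-01"),
]}
```

Because every signature block is checked on its own, a verifier that receives only a subset of the blocks still gets a usable certificate, and one signer's expiry removes only that signer from the result.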