[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Thoughts on the draft
-----BEGIN PGP SIGNED MESSAGE-----
In message <email@example.com>, Carl Ellison writ
>This sounds good. How does it differ from a certificate with a single
>issuer which refers to some external body? That is, we could make a
>INCLUDE <hash alg>,<hash of body>
>to achieve the same thing. Am I understanding you correctly?
That would be equivalent to what i suggested, but i'd feel better if
you could have the signatures in the certificate, instead of separate
certificates (come to think of that, one could move from one format to
> AUTH: <auth-tag>,<N>,<parameters>
>are just as parseable in binary as in ASCII. Each parameter is a
>byte-string -- with length followed by that many bytes.
More straightforward implementation if you just use ASCII as the
default format, IMO. I won't insist too much on this subject.
>Should I assume that you are an advocate of S-expressions?
Guilty as charged.
I feel this approach gives more control to an application developer,
and it allows for easily modifiable applications when signature
>Unless I misunderstand you, this gets into the non-chain certificate
>structure addressed by PolicyMaker [BFL]. Have you read that paper?
I have indeed, and i don't see the connection. What i suggest is
essentially the INCLUDE you talked about earlier on in this message.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----