[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Thoughts on the draft
-----BEGIN PGP SIGNED MESSAGE-----
In message <3.0b11.32.19960902160235.04733af8@cybercash.com>, Carl Ellison writ
es:
>This sounds good. How does it differ from a certificate with a single
>issuer which refers to some external body? That is, we could make a
>#include analog
>
>INCLUDE <hash alg>,<hash of body>
>
>to achieve the same thing. Am I understanding you correctly?
>
That would be equivalent to what i suggested, but i'd feel better if
you could have the signatures in the certificate, instead of separate
certificates (come to think of that, one could move from one format to
the other).
> AUTH: <auth-tag>,<N>,<parameters>
>
>are just as parseable in binary as in ASCII. Each parameter is a
>byte-string -- with length followed by that many bytes.
>
More straightforward implementation if you just use ASCII as the
default format, IMO. I won't insist too much on this subject.
>Should I assume that you are an advocate of S-expressions?
>
Guilty as charged.
I feel this approach gives more control to an application developer,
and it allows for easily modifiable applications when signature
algorithms/formats change.
>Unless I misunderstand you, this gets into the non-chain certificate
>structure addressed by PolicyMaker [BFL]. Have you read that paper?
>
I have indeed, and i don't see the connection. What i suggest is
essentially the INCLUDE you talked about earlier on in this message.
- -Angelos
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBMixJjb0pBjh2h1kFAQFkHAP8CNC7himKPjaDInTEd4GqVJfLksUONju3
D0gNohMgbzIpi5xWKPfZXt0XPNYp9S5eefRnBqIXOsbu3c1jjI3D33QaNBJs4uLF
ol0vHltnzbFeAc0rgdcjbxYd5f04Ohn9gUnvYgnhvWz+wtwGC2sepPuiHqZ1ZCuT
VBNADGUAgL4=
=xOYo
-----END PGP SIGNATURE-----
References: