[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft

To: Carl Ellison <cme@cybercash.com>
Subject: Re: Thoughts on the draft
From: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Date: Tue, 03 Sep 1996 12:21:55 EDT
Cc: spki@c2.org, bt0008@entropy.sbc.com, frantz@netcom.com
In-Reply-To: Your message of "Tue, 03 Sep 1996 11:47:24 EDT." <3.0b11.32.19960903114713.00530270@cybercash.com>
Posted-Date: Tue, 3 Sep 1996 12:21:55 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----


In message <3.0b11.32.19960903114713.00530270@cybercash.com>, Carl Ellison writ
es:
>What do you mean by "signatures in the certificate"?  I think I'd like to
>hear your definition for certificate and an example of what you mean.  It
>sounds like you are using the word certificate to mean "that which gets sent
>as a unit from A to B in order to authorize A for some action" -- with the
>certificate holding all credentials which are required for that.
>
BEGIN:
NAME: Angelos D. Keromytis
ACCOUNT: 23476, 467
ACCOUNT: 1312, 12
ADDRESS: somewhere
SIGNATURE: {
	ISSUER: BANK1
	SUBJECT: 1, 365fdfe
	EXPIRATION: date1
	VALUE: 2, 8712637631786381762716
      }
SIGNATURE: {
	ISSUER: BANK2
	SUBJECT: 1, 365fdfe
	EXPIRATION: date2
	VALIDITY: something
	VALUE: 1, 8734682764827696750597805
      }
END:

>There appear to be two camps forming on this topic.  If we support both,
>then there would be two forms of certificate which wouldn't interoperate.
>The issue is which form is the source byte stream for the certificate's
>signature.  If there are native ASCII certs, then the ASCII is the source
>(ala SDSI).  If the binary is native, then the binary is the source.
>
>I've met people who want to work in nothing but ASCII.  I've met others who
>want to work in nothing but binary.
>
>Opinions on how to proceed?
>
Of course, we could mandate creating signatures on both forms of the
certificate, in which case one doesn't need to do any translating at
all. But i'd rather go for some other solution (either binary or ASCII
is the "default").

>If we were to go native ASCII, I find myself leaning in that direction also.
>I was talking a couple of weeks ago with Wei Dai (who is doing a SDSI
>implementation) and find I really like the S-expressions.  I'd like SDSI to
>have the ability to refer to other objects by hash-pointer, but the
>generality of S-expressions is nice.  It also opens up the possibility of
>including programs (ala PolicyMaker) in a cert body.
>
I'm not overly enthusiastic about programs in a cert body. I don't see
them as generally useful, since the application that issues the
certificates has no need to send out the program that would do the
verification, and any other application that needs to check
credentials would not trust an embedded program.
- -Angelos

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMixbIb0pBjh2h1kFAQEkswP8CKSTbRN6K3x6mym9s4VWqbPG8H0+iypQ
j9Gi3kWNUN8jrJHwRQeEFBENNmxT8TpMFTA9dHjZpEzZ2tmzX2cYHfHzcg0JANcq
NRRoVpzlKzZyqqWWcF24rHTWk8rQkimR1HAbXkolAwZf+sROixq68hOcjidh8Vxp
w+4nvAzujb8=
=wN5z
-----END PGP SIGNATURE-----

References:

Re: Thoughts on the draft

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: Thoughts on the draft
Next by Date: Re: Thoughts on the draft
Prev by thread: Re: Thoughts on the draft
Next by thread: Re: Thoughts on the draft
Index(es):
- Main
- Thread