
Re: Thoughts on the draft



At 06:12 PM 8/29/96 EDT, Angelos D. Keromytis wrote:
>Essentially, having
>N signatures on a certificate is like having N certificates with the
>same body but different signatures/issuers. So, whereas now you'd use:
>
>BEGIN
>ISSUER: user1
>SUBJECT: 1, 12345
>ACCOUNT: 09876
>VALIDATION: something
>EXPIRATION: somethingelse
>SIGNATURE: signaturehere
>END
>
>BEGIN
>ISSUER: user2
>SUBJECT: 1, 12345
>ACCOUNT: 09876
>VALIDATION: yetsomethingelse
>EXPIRATION: youguessedit
>SIGNATURE: anothersignature
>END
>
>, my idea is to use:
>
>BEGIN
>SUBJECT: 1, 12345
>ACCOUNT: 09876
>SIGNATURE1: ISSUER: user1 VALIDATION: something
>	    EXPIRATION: somethingelse SIGNATURE: signaturehere
>SIGNATURE2: ISSUER: user2 VALIDATION: yetsomethingelse
>            EXPIRATION: youguessedit SIGNATURE: anothersignature
>END
>
>So the SIGNATURE thingies can be used as detachable
>signatures as well and there's no replication of information. And of
>course one might elect not to send out all the signatures on his
>certificate for various reasons (don't want a bank to see if another
>one has signed this certificate).

If you were to follow SPKI format as in spki.txt, this would be:

BEGIN
SUBJECT: 1, 12345
ACCOUNT: 09876
END

SIGNATURE1: ISSUER: user1 VALIDATION: something
	    EXPIRATION: somethingelse SIGNATURE: signaturehere

SIGNATURE2: ISSUER: user2 VALIDATION: yetsomethingelse
            EXPIRATION: youguessedit SIGNATURE: anothersignature

with an optional body hash to allow the signature to be truly detached.  I
think it's an interesting idea -- a one-line cert.  I'm not sure it
simplifies life for the implementor, however.

 - Carl

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
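
The detached one-line signature with a body hash discussed in this message, sketched as an added example (not part of the original thread or of the SPKI draft). Assumptions: the field name BODYHASH, SHA-256 as the hash, and HMAC with constructed per-issuer keys standing in for a real public-key signature.

```python
import hashlib
import hmac
import re

# Constructed demo keys; HMAC-SHA256 stands in for each issuer's public-key signature.
ISSUER_KEYS = {"user1": b"demo-key-user1", "user2": b"demo-key-user2"}
BODY = "SUBJECT: 1, 12345\nACCOUNT: 09876\n"  # certificate body from the message
FIELDS = ("ISSUER", "VALIDATION", "EXPIRATION", "BODYHASH")  # BODYHASH name is assumed

def body_hash(body: str) -> str:
    return hashlib.sha256(body.encode()).hexdigest()

def _mac(rec: dict) -> str:
    # The signature covers the issuer's own fields plus the hash of the body,
    # so the line can travel separately yet stay bound to exactly one body.
    signed = "\n".join(f"{k}: {rec[k]}" for k in FIELDS).encode()
    return hmac.new(ISSUER_KEYS[rec["ISSUER"]], signed, hashlib.sha256).hexdigest()

def sign(body: str, issuer: str, validation: str, expiration: str) -> str:
    rec = dict(zip(FIELDS, (issuer, validation, expiration, body_hash(body))))
    return " ".join(f"{k}: {rec[k]}" for k in FIELDS) + f" SIGNATURE: {_mac(rec)}"

def parse(line: str) -> dict:
    # Require exactly the expected fields, in order, with no duplicates.
    pairs = re.findall(r"(\w+): (\S+)", line)
    if [k for k, _ in pairs] != [*FIELDS, "SIGNATURE"]:
        raise ValueError("unexpected or missing fields")
    return dict(pairs)

def verify(body: str, line: str) -> bool:
    try:
        rec = parse(line)
    except ValueError:
        return False
    if rec["ISSUER"] not in ISSUER_KEYS:
        return False
    if not hmac.compare_digest(rec["BODYHASH"].encode(), body_hash(body).encode()):
        return False  # signature line belongs to a different body
    return hmac.compare_digest(rec["SIGNATURE"].encode(), _mac(rec).encode())

if __name__ == "__main__":
    sig1 = sign(BODY, "user1", "something", "somethingelse")
    sig2 = sign(BODY, "user2", "yetsomethingelse", "youguessedit")
    print(verify(BODY, sig1), verify(BODY, sig2))  # each line checks on its own
    print(verify(BODY.replace("09876", "09877"), sig1))  # altered body is rejected
```

Because each signature line verifies independently, a holder can present the body with only one of the lines, as the quoted message suggests.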