
Re: Thoughts on the draft



At 03:35 PM 9/3/96 EDT, Angelos D. Keromytis wrote:
>>Your approach is interesting.  Can you send more, to help me understand it?
>>
>The idea is that you initiate the parser over the certificate, and
>build some state. Then the application can check whether all fields
>are there (spki_require()), and if some are missing return an
>indication; ask for the value of a particular tag (spki_value()); get
>all the values of a particular tag (spki_dump()) or the number of
>values (spki_count()). 

[...]

The way I parse this, you put the certificate into a tag-addressable memory,
check that a particular set of tags is present and then go to work looking
at tag contents.  Does that capture it?

>There is special handling of signature tags.

To answer a question below, this is why we separate the signature tag from
the certificate body.

>I don't see why the placement of SIGNATURE makes any difference;
>signatures should compute over all fields in a certificate except
>other signature fields.

I put the signature outside so that everything within the BEGIN/END block
gets signed.


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
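
The following is an added example, not code from either correspondent or from the draft: a sketch of the tag-addressable store discussed above, with the signature line kept outside the BEGIN/END block so that the exact text inside the block is what gets verified. The marker lines, the `TAG: value` line syntax, the Python signatures given to the four `spki_*` calls, and the sample certificate and key are all assumptions, and HMAC-SHA256 stands in for a public-key signature.

```python
import hashlib
import hmac

BEGIN, END = "BEGIN", "END"  # assumed marker lines; the draft's syntax is not on this page

def split_cert(text):
    """Return (body, sig): body is the exact text between the markers."""
    lines = text.splitlines(keepends=True)
    bare = [l.rstrip("\r\n") for l in lines]
    b, e = bare.index(BEGIN), bare.index(END)  # ValueError if a marker is missing
    sigs = [s.split(":", 1)[1].strip() for s in bare[e + 1:] if s.startswith("SIGNATURE:")]
    if e < b or len(sigs) != 1:
        raise ValueError("need BEGIN, END, then exactly one SIGNATURE line")
    return "".join(lines[b + 1:e]), sigs[0]

def sign(body, key):
    # HMAC-SHA256 stands in for the public-key signature, to stay stdlib-only.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def parse_verified(text, key):
    """Check the signature over the raw body first; only then build the tag store."""
    body, sig = split_cert(text)
    if not hmac.compare_digest(sign(body, key).encode(), sig.encode()):
        return None
    store = {}
    for line in body.splitlines():
        tag, sep, val = line.partition(":")
        if not sep:
            raise ValueError(f"not a tag line: {line!r}")
        store.setdefault(tag.strip().upper(), []).append(val.strip())
    return store

# Hypothetical Python analogues of the four calls named in the quoted text.
def spki_require(store, *tags):
    return [t for t in tags if t not in store]  # missing tags; empty means all present

def spki_value(store, tag):
    return store[tag][0] if tag in store else None

def spki_dump(store, tag):
    return list(store.get(tag, []))

def spki_count(store, tag):
    return len(store.get(tag, []))

# Constructed sample certificate and key.
KEY = b"constructed-demo-key"
BODY = "ISSUER: alice\nSUBJECT: bob\nAUTH: read\nAUTH: write\n"
CERT = f"{BEGIN}\n{BODY}{END}\nSIGNATURE: {sign(BODY, KEY)}\n"
```

Because only text inside the block reaches the store, a tag line appended after END is neither signed nor visible to the application.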

