Re: specification language?
At 18:07 3/8/96, Paul Leach wrote:
>Simple. Very _very_ roughly, just to put up a target to shoot at, the
>basic kinds of things that need to be in a cert could be expressed
>using a RFC822-like form:
> Cert-Name: <DNS-name>
> Issuer-Name: <DNS-name>
> Key: <base64>
> Expires: <RFC1123-date>
> Serial: <RFC822-msgID>
> Sig: <base64>
>
>Cert-name
>is a DNS name where the certificate is stored. US-ASCII. Doesn't solve
>the "friendly name" problem, but that's not simple, and (bald
>assertion) can be solved at a higher layer. The cert-name is under the
>control of the issuer, who guarantees that it is not a duplicate of any
>one they have certified before.
>
>Issuer-name
>is the DNS name of the signer of this certificate, and where the public
>key (DNSSEC) or spki-cert of the issuer can be found

I like this but would suggest a couple of changes to make it clear that we
include all of key-centered certification, not just name-centered.

 Cert-Loc: <DNS-name>
 Issuer-Loc: <DNS-name>
 Key: <base64>
 Expires: <RFC1123-date>
 Serial: <RFC822-msgID>
 Meaning: <<text>>
 Sig: <base64>

I don't know an appropriate RFC for specifying the <<text>> -- but that's
where someone would put a name being associated with the key or a specific
permission or attribute being assigned to the key.

+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+
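
Added example, not part of the original message or of any SPKI draft: a strict Python reader for the revised RFC822-like form above, which rejects missing or repeated fields, non-base64 Key/Sig values and unparsable Expires dates. The sample certificate, its host names and its byte values are constructed; no signature is verified because the thread names no signature algorithm or signed-byte layout.

```python
import base64
import binascii
from datetime import datetime, timezone
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Field names from the revised form proposed in the message above.
FIELDS = ("Cert-Loc", "Issuer-Loc", "Key", "Expires", "Serial", "Meaning", "Sig")

class CertError(ValueError):
    """Input is not exactly one well-formed certificate."""

def parse_cert(text):
    """Parse the RFC822-like form strictly; return a dict of decoded fields."""
    msg = HeaderParser().parsestr(text)
    if msg.defects or msg.get_payload().strip():
        raise CertError("malformed header block or trailing data")
    cert = {}
    for name in FIELDS:
        values = msg.get_all(name, [])
        # A repeated or missing field lets two readers disagree on the content.
        if len(values) != 1:
            raise CertError(f"{name}: expected 1 occurrence, found {len(values)}")
        cert[name] = values[0].strip()
    try:
        for name in ("Key", "Sig"):
            cert[name] = base64.b64decode(cert[name], validate=True)
        cert["Expires"] = parsedate_to_datetime(cert["Expires"])
    except (binascii.Error, ValueError, TypeError) as exc:
        raise CertError(f"bad field value: {exc}") from exc
    if cert["Expires"].tzinfo is None:
        raise CertError("Expires: no usable time zone")
    return cert

def is_expired(cert, now=None):
    """True once the Expires instant has been reached."""
    return (now or datetime.now(timezone.utc)) >= cert["Expires"]

# Constructed sample; names, key and signature bytes are placeholders.
SAMPLE = """\
Cert-Loc: alice-key.certs.example.com
Issuer-Loc: ca.example.com
Key: Y29uc3RydWN0ZWQga2V5
Expires: Sun, 08 Mar 1998 18:07:00 GMT
Serial: <19960308.0001@ca.example.com>
Meaning: key may sign purchase orders up to $100
Sig: Y29uc3RydWN0ZWQgc2ln
"""
```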