[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: specification language?

At 18:07 3/8/96, Paul Leach wrote:

>Simple. Very _very_ roughly, just to put up a target to shoot at, the
>basic kinds of things that need to be in a cert could be expressed
>using a RFC822-like form:
>        Cert-Name:      <DNS-name>
>        Issuer-Name:    <DNS-name>
>        Key:            <base64>
>        Expires:        <RFC1123-date>
>        Serial:         <RFC822-msgID>
>        Sig:            <base64>
>is a DNS name where the certifcate is stored. US-ASCII.  Doesn't solve
>the "friendly name" problem, but that's not simple, and (bald
>assertion) can be solved at a higher layer. The cert-name is under the
>control of the issuer, who guarantess that it is not a duplicate of any
>one they have certified before.
>is the DNS name of the signer of this certificate, and where the public
>key (DNSSEC) or spki-cert of the issuer can be found

I like this but would suggest a couple of changes to make it clear that we
include all of key-centered certification, not just name-centered.

        Cert-Loc:       <DNS-name>
        Issuer-Loc:     <DNS-name>
        Key:            <base64>
        Expires:        <RFC1123-date>
        Serial:         <RFC822-msgID>
        Meaning:        <<text>>
        Sig:            <base64>

I don't know an appropriate RFC for specifying the <<text>> -- but that's
where someone would put a name being associated with the key or a specific
permission or attribute being assigned to the key.

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |