Re: Certificate Variability
At 22:12 3/13/96, Tony Bartoletti wrote:
>In the spki discussion to date, at least two "straw-men" certificate
>structures have been offered up to serve as anchors for discussion.
>The first, I believe, was offered by Carl Ellison. This "generalized"
>certificate has the following minimal structure:
>
> Certifying-key: <KEY_ID>
> Signed-key: <KEY_ID>
> Validity: <DATE_RANGE>
> Meaning: <variable structure>
> (cert-key signature appended).
>
>Another target was offered recently by Paul Leach:
>
> Cert-Name: <DNS-name>
> Issuer-Name: <DNS-name>
> Key: <base64>
> Expires: <RFC1123-date>
> Serial: <RFC822-msgID>
> Sig: <base64>

Tony,

I like your analysis but don't believe that Paul and I are that far
apart [as I indicated in my previous message to Paul]. In particular, if
Paul were to relabel Cert-Name to Cert-Loc, then the label would be more
true to the meaning of that field and would not suggest a kinship to
X.509's use of DNs. One *does* need to know where to find a given key.
If Paul were only to add a Meaning field, so that this format doesn't
suffer from the Vogon HQ problem, then I could see his proposal as a form
of mine -- with no real conflict.

- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+