[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Variability

At 22:12 3/13/96, Tony Bartoletti wrote:
>In the spki discussion to date, at least two "straw-men" certificate
>structures have been offered up to serve as anchors for discussion.

>The first, I believe, was offered by Carl Ellison.  This "generalized"
>certificate has the following minimal structure:
>      Certifying-key:  <KEY_ID>
>      Signed-key:      <KEY_ID>
>      Validity:        <DATE_RANGE>
>      Meaning:         <variable structure>
>      (cert-key signature appended).

>Another target was offered recently by Paul Leach:
>      Cert-Name:       <DNS-name>
>      Issuer-Name:     <DNS-name>
>      Key:             <base64>
>      Expires:         <RFC1123-date>
>      Serial:          <RFC822-msgID>
>      Sig:             <base64>


        I like your analysis but don't believe that Paul and I are that far
apart [as I indicated in my previous message to Paul].  In particular, if
Paul were to relabel Cert-Name to Cert-Loc, then the label would be more
true to the meaning of that field and would not suggest a kinship to
X.509's use of DNs.  One *does* need to know where to find a given key.

If Paul were only to add a Meaning field, so that this format doesn't
suffer from the Vogon HQ problem, then I could see his proposal as a form
of mine -- with no real conflict.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |