[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Quick Survey: name certificate syntax

To: spki@c2.net
Subject: Quick Survey: name certificate syntax
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 20 Nov 1997 00:47:29 -0500
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

I would like a quick response from list participants.  What is your 
preference between the two options described here?  I'm planning to submit 
the next draft tonight and would like it to include the more popular form.

For the sake of simplifying the explanation of certificate meaning and 
cleaning up the reduction engine a little, I've been pretty well convinced 
by Ron Rivest's SPKI programmers to separate name certificates out from 
authorization certificates.  The difference is that a name certificate is 
always (tag (*)) [and by the stop-at-key rule, (propagate)].

If these are separate, they can have their own syntax.  The two candidates 
are:

cert
 (issuer (name <prin> <name>))
 (subject ...)
 (tag (*))
 <validity fields>
)

as in the current draft, and:

(name-cert
 (issuer <prin>)
 (name <name>)
 (subject ...)
 <validity fields>
)

which is closer to the original draft and something a number of people asked 
me for in Memphis.

The first form has the advantage that it reflects the form of the 
intermediate state during name string reduction.  That is, one expresses a 
name certificate internally as

	<issuer,subject,validity>

where issuer and subject are SDSI names (or raw keys).  So, the first form's 
issuer is used intact here, while the second form's issuer,name are combined 
to make this reduction tuple.

I'm easy on this.  I would like to hear opinions from the group -- hopefully
today.

Thanks,

Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNHPO7xN3Wx8QwqUtAQEK3wQAiqRSKkSmL+VQLwk3gpYUFgcddfLg6u5W
mFcrIs36mvl6G/3zpW0YxtRdAxA5o2huBbCmHds9kZ5a9IMHo8G8bBLkpYIxwT+P
cA446potLRWEv7fEw8LDqlSl4YGE8oJAFSOoPe/oubOORjn4Jzn0Zfx9z4JmmgOQ
wk4a3GUKPCk=
=xHdG
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

six-page binary format draft (was: Quick Survey: name certificate syntax)

From: Tatu Ylonen <ylo@ssh.fi>

Prev by Date: Re: threshold subjects
Next by Date: Re: name as identity?
Prev by thread: Re: name as identity?
Next by thread: six-page binary format draft (was: Quick Survey: name certificate syntax)
Index(es):
- Main
- Thread