[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
-----BEGIN PGP SIGNED MESSAGE-----
At 06:56 PM 4/8/97 -0400, Phillip M. Hallam-Baker wrote:
>What might be worth investigating however is a model in which certificate
>interpretation was performed by specialist server (eg at a firewall boundary).
>Such a server might provide "summary" certificates to its clients which
>would be used to authorize low level actions. This system might be based on
>lightweight MAC type authentication since non-repudiation might not be
A real example:
We can make 5-tuples from any kind of certificate, including X.509v3.
However, one leading set of ASN.1 code for parsing X.509v3 takes, in minimum
memory form, over 300KB of code. It might be good to have a specialist
server tie up that memory and translate such certs into 5-tuples which are
then transmitted to the 5-tuple caches of those who want the work saved.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----