[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

certificate translation



-----BEGIN PGP SIGNED MESSAGE-----

At 06:56 PM 4/8/97 -0400, Phillip M. Hallam-Baker wrote:
>What might be worth investigating however is a model in which certificate
>interpretation was performed by specialist server (eg at a firewall boundary).
>Such a server might provide "summary" certificates to its clients which 
>would be used to authorize low level actions. This system might be based on
>lightweight MAC type authentication since non-repudiation might not be
>an issue.

A real example:

We can make 5-tuples from any kind of certificate, including X.509v3.  
However, one leading set of ASN.1 code for parsing X.509v3 takes, in minimum 
memory form, over 300KB of code.  It might be good to have a specialist 
server tie up that memory and translate such certs into 5-tuples which are 
then transmitted to the 5-tuple caches of those who want the work saved.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM1KYKVQXJENzYr45AQFiGgP+LYnD6NY8I/aE9P8PdETyK1WtuNEWB4jZ
SUF71ozkhYk54SeIzjweHoV2A8qOYfxrqjtcSU+FVtoVM+SE9xEXVHq2Lmvfi0gx
QqnDlrRzRRSsmqWiafJhxoegdHlHzXnU3MaZYcPbneycD7MRV4RFI6sxoK0skVkl
6CPnHI2ehJA=
=oJ01
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+


References: