[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPKI getting something done would be nice....

To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Subject: Re: SPKI getting something done would be nice....
From: Carl Ellison <cme@cybercash.com>
Date: Tue, 17 Jun 1997 02:56:14 -0400
Cc: Peter Williams <peter@verisign.com>, William Allen Simpson <wsimpson@greendragon.com>, spki@c2.net
In-Reply-To: <199706170320.XAA24364@codex.cis.upenn.edu>
References: <Your message of "Mon, 16 Jun 1997 18:00:26 PDT." <33A5E1AA.68C52798@verisign.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 11:20 PM 6/16/97 +0100, Angelos D. Keromytis wrote:
>In message <33A5E1AA.68C52798@verisign.com>, Peter Williams writes:
>>Why is it undesirable to use a "MIME/PGP-signed bodypart"
>>as an SPKI cert? (which is what I suggested)?
>
>I suppose you are aware that the 'S' in SPKI stands for "Simple". I
>can't imagine an SPKI library having a MIME encoder/decoder...

Angelos and Peter,

	I'm not sure I see a conflict.  Of course, I'm coming into this
discussion very late.  I haven't had time to catch up on my SPKI mail, much
less work on the draft tonight!  I also need to prepare slides for Wednesday
(I think).

	It is clear to me that almost anything certificate-like (including signed 
messages, certificates, ACL entries) reduces to a 5-tuple for normal SPKI 
reduction (unless it is complex enough to require a program like PolicyMaker).

	It seems also clear that we can have volunteer programmers out there who 
write modules to convert from various formats to 5-tuples -- e.g., X.509v3, 
PGP/MIME, PGP signed keys, DNSSEC signed keys, SET certificates, ....  Once 
something has been converted to a 5-tuple, it can not only be reduced as 
part of a 5-tuple chain (loop), but the resulting

	<Self,X,D,A,V>

can be signed by Self, yielding an SPKI/SDSI certificate for X to use for 
however long V lasts, to save time and energy.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

iQCVAwUBM6Y1DVQXJENzYr45AQGs+AP/TwCQJ2papuWp7G5laBE0NtZydZ0I6CzC
CdHqHjP6VdyJdi5ha68a2je+olb3mMSiDhAuxsKXLYkcVN+aNqCNdjBxmFo3wvUN
6LIqhuz+Dz0KOCmfrkfXlO2nyJjhXXu6Q8taeDAZ/jSobCO30TJL1gniWxkaoGZk
ztXqFql79HM=
=0IRu
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: SPKI getting something done would be nice....

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

References:

Re: SPKI getting something done would be nice....

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: Re: definition of cert - trust in SPKI certs
Next by Date: Re: SPKI getting something done would be nice....
Next by thread: Re: "auth" --> "tag" ??
Index(es):
- Main
- Thread