[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments on pre-Munich spki draft

To: spki@c2.net
Subject: comments on pre-Munich spki draft
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Sat, 16 Aug 1997 18:57:26 -0400
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----


  [It would be nice to have some smart-card manufacturers' on the
list. I'm going to BCC this to some people that I know that might be
building smart cards, or might know people that build them. Maybe they
will jump in below]

  Other comments about the draft:

  I think that we might express something like:
  hosts like:	*.sandelman.ottawa.on.ca   

  as a SDSI group. Are the members of the group defined as being part
of  
	(name DNS Canada Ontario Ottawa Sandelman))
  or
	(subject (name DNS sandelman.ottawa.on.ca))
  ??

  I need a *concrete* example of the reorder-* *-forms. The
socks/pants/tie example didn't quite explain it to me.

  I concur with moving k-of-n to a seperate draft, with lots of
examples, and perhaps even some lawyer speak included.

  We have a lot of discussion of SDSI names, but it isn't clear to me 
how they are expressed in the certificates. My guess is above.

   (cert
    (issuer (hash md5 |Ut9m14byPzdbCNZWdDjNQg==|))
    (subject
	(hash md5 |vN6ySKWE9K6T6cP9U5wntA==|))
    (tag (name fred)))

  I don't think that (do ...) is well enough documented. I suspect
that this is an advanced feature and belongs in a seperate draft. One
point: the basic version needs to be basic. Machines with the oompf to
support the advanced stuff probably can support PolicyMaker as well. 
  
  [This is where I hope the smartcard people will jump in!]

  In particular, (do ....) makes me think we are really defining a 
language, not a certificate format. This is fine with me,
btw. Algorithms and maps are exchangeable items, however, if we are
defining a language, may I suggest that we define it by more than BNF?
In particular, I think of John McCarthy (is he still alive, btw? a
twelve year old who first read him inside me wants to meet him)'s
books. 
  Carl, did you mention that your code to create the examples was
posted somewhere?

]  10s to Tokyo, 15m to the Cottage? What if I'm already there? | one quark   [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    | two quark   [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBM/YwUsmxxiPyUBAxAQFG8QL9GCnYpBQVFZPgPeyD5OZWn8FJYxBkVg9D
q/i/4lQP6f6jMJf1uPVK5Nu50k/Iex4VINgyuFW69ABec9fSZhCD5mxUNSrEhSe1
Pl1PXlmnqkXdlv2UR9zCq7WrmfKg81k0
=9Sk5
-----END PGP SIGNATURE-----

Follow-Ups:

(* reorder ...) comments

From: Carl Ellison <cme@cybercash.com>

DNS names

From: Carl Ellison <cme@cybercash.com>

K-of-N subjects

From: Carl Ellison <cme@cybercash.com>

Re: comments on pre-Munich spki draft

From: Carl Ellison <cme@cybercash.com>

Prev by Date: defining networks/prefix and host wildcards, and IPsec.
Next by Date: Re: job for the list: inventing (tag...) fields
Prev by thread: Re: defining networks/prefix and host wildcards, and IPsec.
Next by thread: (* reorder ...) comments
Index(es):
- Main
- Thread