[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on pre-Munich spki draft

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: comments on pre-Munich spki draft
From: Carl Ellison <cme@cybercash.com>
Date: Tue, 26 Aug 1997 11:56:48 -0400
Cc: spki@c2.net
In-Reply-To: <199708162257.SAA00692@morden.sandelman.ottawa.on.ca>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 06:57 PM 8/16/97 -0400, Michael Richardson wrote:
>   (cert
>    (issuer (hash md5 |Ut9m14byPzdbCNZWdDjNQg==|))
>    (subject
>	(hash md5 |vN6ySKWE9K6T6cP9U5wntA==|))
>    (tag (name fred)))

This form of SDSI name definition turns out to be harder to process and not 
as rich as defining the name in the issuer.  I plan to write this up much 
better, shortly.

>  I don't think that (do ...) is well enough documented. I suspect
>that this is an advanced feature and belongs in a seperate draft. One
>point: the basic version needs to be basic. Machines with the oompf to
>support the advanced stuff probably can support PolicyMaker as well. 

(do ...) isn't an advanced feature.  It was specifically added with limited 
verifiers (like smartcards) in mind.  That is, it's the way the prover tells 
the verifier what to do and in what order.  If you're going to process 
K-of-N, you need it for sure -- but it's also useful just for indicating 
that the object just presented (e.g., a key) needs to be hashed by a 
particular algorithm and kept around because it's referred to later by that 
hash.

In other words, I agree with you that I didn't document (do ...) well enough.

 - Carl

>  Carl, did you mention that your code to create the examples was
>posted somewhere?

I said I plan to post it.  It isn't as complete as I want it but the next 
time I boot my LINUX drive, I'll bundle up what I have so far and just put 
it on my ftp site.  There's so much on my plate right now that polishing and 
fleshing out the example code isn't high enough priority.  Besides, if I 
post it, maybe someone on the list will improve and re-post it :)

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNAL8wFQXJENzYr45AQGarQQAhUnbR6oG5RueFfSnpNuBmGeFRFYiMTMz
6HvPvXRxEBi0cIXFwW/2XlW5hRy7zI7y4EEXLNvx1vud23Gn6gRHa2KSJd3QuzG8
ITPyvAhjDktmA0X24HBLfpHQmCzr8T1xpVaJQ+FfR6rovmO9hG06v+nvuAAztO3r
GfowtcujYxU=
=FMqB
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

comments on pre-Munich spki draft

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: K-of-N subjects
Next by Date: Re: defining networks/prefix and host wildcards, and IPsec.
Prev by thread: Re: K-of-N subjects
Next by thread: Drastic SPKI simplifications
Index(es):
- Main
- Thread