[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (* reorder ...) comments



I've been trying to puzzle out what you mean, lacking the bandwidth of a
face-to-face exchange.   I have concluded (perhaps incorrectly) that we
are miscommunicating because of the tangent that the work has veered
away into a world where everything is a parenthetic S-expression.


> From: Carl Ellison <cme@cybercash.com>
> At 05:24 PM 8/26/97 GMT, William Allen Simpson wrote:
> >However, it seemed to me in reading the list some time ago, that the
> >consensus was that any mandatory parameters would be positional, and any
> >optional parameters would trail with explicit names.  That gives the
> >best of both worlds.  Why wasn't that adopted?
>
> There's the problem that we don't have a way to distinguish between an
> S-expression whose object name is a data type (e.g., "key" vs. "hash") and
> one whose object name is a parameter name (e.g., "e", "n", etc. in an RSA
> key definition).
>
For one thing, there is no reason to have the parameter names for RSA.
They are always present, and they are never re-ordered:

   (public-key rsa-pkcs1-md5 #03# |12121212121212=|)

Indeed, I don't see why you prefix "public-key" on the front of
"rsa-pkcs1-md5".  There is no real semantic difference between a
public-key and a hash of the public-key.  If we are going to support
arbitrary S-expression tags known only to the parties, then we might as
well start now:

   (rsa-pkcs1-md5 #03# |12121212121212=|)

But, look at the hoops we are jumping thru just to specify an issuer.
It would be much simpler to have:

  <issuer>:: "(" "issuer" <principal> <local-name>? <location>? ")" ;

  <local-name>:: "(" "name" <byte-string> ")" ;

  <location>:: "(" "location" <uri>* ")" ;

I don't see where the distinguishing "public-key" versus "hash" versus
"rsa-pkcs1-md5" would be a problem, as they are rather clearly different
than "name" and "location".

Heck, I don't see why we cannot toss "hash" altogether in this context,
and have:

  ( issuer #12345678# (location "ftp://greendragon.com/wsimpson") )

and

  ( issuer (rsa-pkcs1-md5 #03# |12121212121212=|)
           (location "ftp://greendragon.com/wsimpson")
  )

That kind of thing would get rid of several of the optional BNF hanging
around the <cert>, and eliminate a fair number of near duplicate
definitions.

Oh, yeah, and it would be a lot easier to convert to and from PGP....

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Follow-Ups: