[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (* reorder ...) comments


At 04:29 AM 8/27/97 GMT, William Allen Simpson wrote:
>> From: Carl Ellison <cme@cybercash.com>
>> There's the problem that we don't have a way to distinguish between an
>> S-expression whose object name is a data type (e.g., "key" vs. "hash") and
>> one whose object name is a parameter name (e.g., "e", "n", etc. in an RSA
>> key definition).
>For one thing, there is no reason to have the parameter names for RSA.
>They are always present, and they are never re-ordered:
>   (public-key rsa-pkcs1-md5 #03# |12121212121212=|)

I agree.  I think Markku brought that up earlier and I'm planning to change 
the key definition.

>Indeed, I don't see why you prefix "public-key" on the front of
>"rsa-pkcs1-md5".  There is no real semantic difference between a
>public-key and a hash of the public-key.  If we are going to support
>arbitrary S-expression tags known only to the parties, then we might as
>well start now:
>   (rsa-pkcs1-md5 #03# |12121212121212=|)

It's a question of how many things you're going to have in a switch(){} 
statement and whether you want a grammar which is easily parseable.  That 
is, all the object names in the current BNF are constants, specified in the 
draft and not subject to expansion.  All the expansion happens in algorithm 
names or parameters of (tag ).

>But, look at the hoops we are jumping thru just to specify an issuer.
>It would be much simpler to have:
>  <issuer>:: "(" "issuer" <principal> <local-name>? <location>? ")" ;
>  <local-name>:: "(" "name" <byte-string> ")" ;
>  <location>:: "(" "location" <uri>* ")" ;

Bringing issuer-loc into issuer might be a real simplification.  Is that 
what you were suggesting?

>I don't see where the distinguishing "public-key" versus "hash" versus
>"rsa-pkcs1-md5" would be a problem, as they are rather clearly different
>than "name" and "location".

You can tell "public-key" from "hash" but if I use algorithm cme-alg-1, is 
it a hash or a PK or a SK algorithm?

>Heck, I don't see why we cannot toss "hash" altogether in this context,
>and have:
>  ( issuer #12345678# (location "ftp://greendragon.com/wsimpson") )

You need the hash algorithm name.  If we were to settle on SHA-1, for 
example, we simplify things greatly and that has appeal to me -- but it also 
limits the life of SPKI.

>That kind of thing would get rid of several of the optional BNF hanging
>around the <cert>, and eliminate a fair number of near duplicate

Good suggestions, for their mood even if I found nits to pick.

Thank you.

 - Carl

Version: PGP for Personal Privacy 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |