[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encoding: SPKI vs. SDSI

To: spki@c2.net
Subject: Re: encoding: SPKI vs. SDSI
From: dpkemp@missi.ncsc.mil (David P. Kemp)
Date: Mon, 10 Mar 1997 11:56:34 -0500
Sender: owner-spki@c2.net

> From: "Frank O'Dwyer" <fod@brd.ie>
> 
> Even if you constrain the generator, the receiver still must 
> implement the checks since the data arrives 'flat'. That is 
> if the second field is always supposed to be a string, then you 
> still have to check that it is a string.

That is true of any transfer syntax.  Even if certificates are
human-readable ASCII in which every field is a string, at some point
you have to check that the "Validity" string is a legitimate validity
specification, a "Signature" string can actually be verified as a
digital signature, etc.

Allowing the decoder to verify that the second field is a string
(instead of a date or an integer, for example) allows the checks to be
done at a lower level, in a uniform instead of a structure-specific
manner.  From my POV, this is a huge advantage of using a strongly-typed
transfer syntax.

Prev by Date: RE: encoding: SPKI vs. SDSI
Next by Date: <auth> parameter field names?
Prev by thread: RE: encoding: SPKI vs. SDSI
Next by thread: RE: encoding: SPKI vs. SDSI
Index(es):
- Main
- Thread