[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: encoding: SPKI vs. SDSI
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Rodney" == Rodney Thayer <email@example.com> writes:
Rodney> What happened to the SIMPLE in SPKI? I don't call writing
Rodney> a policy programming language "simple".
Never the less, there will be one, and I think, many. I think this is
good. The way out is simple: don't define one now. There will be one
later. I don't think we know enough about what we want to do to try
and define everything now.
Now, I'd like to propose the following encoding format as a compromise.
The throw away byte at the beginning is the lf. A couple more lines
of code and it could be put back in if missing. Please look at the perl
code to decode this below. I wrote this cert in emacs. It is not
pretty, but it does have several properties:
- not free form, but it is human readable.
- no canonicalization issues.
- if all strings are printable, so is this format.
- no byte order issues
- simple to parse. Afterall, once the signature checks out,
the cert may be passed to another program.
I'm sure the perl code could be more compact, but I'm neither
Randall nor Tom.
# Format is simple.
# 1 byte throw away
# 8 bytes of hex length.
# 4 bytes for encoded type, preferably printable.
# length - 13 bytes of data
# The length includes the headers, and also the single
# character that preceeds the length. The single character
# is essentially ignored, but *IS* included in signatures, and
# will typically be syntactic sugar.
# Within a type, this same system may be repeated, or the type
# may employ fixed width fields. It is recommended that any
# type with optional fields using the taging system.
# All integers are encoded in hex, the length of them
# HEX digits are always in lower case.
# Types are ideally in upper case.
An example certificate (minus the signature) would be:
(the initial blank line is included)
I just spent thirty minutes (interrupted by IRC with my fiance
back in Ottawa) writing a Emacs Lisp calculator for the lengths,
and a perl pretty printer. The output of the above is:
pelti.ssh.fi-[~/spki] mcr 92 > perl decode.pl cert1
SUBJ packet of length 29
4d 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66 M123456789abcdef
ISSU packet of length 29
4d 32 33 34 35 36 37 38 39 61 62 63 64 65 66 30 M23456789abcdef0
AUTH packet of length 96
MAYD packet of length 15
May delegate 255 times
USER packet of length 68
Authorization to login:
HOST packet of length 39
USER packet of length 16
I put these four files at http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/spki if you are interested.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----