
Re: rules for SPKI <auth> field comparisons



-----BEGIN PGP SIGNED MESSAGE-----

At 02:09 PM 3/12/97 +0200, Michael Richardson wrote:
>>>>>> "Carl" == Carl Ellison <cme@cybercash.com> writes:
>    Carl> We need to define a mechanism to be used by those who define
>    Carl> new <auth> fields so that they can describe the sorting
>    Carl> order for their fields.  We could fall back on the
>
>  I must admit that I don't understand this requirement.
>
>  At first I thought this was so that we could have a canonical order
>for the auth fields for signature.

No, I believe we should have the firm rule that one signs what is
transmitted.  There might be an exception for white space handling
if we adopt an ASCII format, thinking about SMTP or FTP ASCII mode.

>  Now, I think (based on your "checking" example) that this has
>more to do with interpretation of the auth field. This confuses me,
>because I thought this was necessarily application specific. 

The definition of an <auth> field is strictly up to the verifier.  His 
application is the only one that cares.  However, if anyone else is going to 
generate certs with these <auth> fields, it's just polite :) to communicate 
to that cert issuer what constitutes the semantics of the <auth> field(s) 
being generated.  It's also possible that we might produce a standard 
library for interpretation of 5-tuples to which some <auth> designer needs 
to communicate.

However, this isn't something the cert itself needs to worry about.  Agreed?

>  [I'm willing to write my cooked-ascii format up in an id if there is interest]

Not that I want to discourage volunteers, but the ASCII format you sent out 
before struck me as hard enough to read (for lack of spaces) that I'd 
imagine writing a custom editor to manipulate it - in which case it might as 
well be binary.  I'd like to hear from others on this.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMymuP1QXJENzYr45AQHNKwP/e602iaHHblfnfSW1D//bFMrD4IBe8rRO
xCIr9lc/HlcSz5xFlsT2huc11FyGhq0bin3++2+OcIZowmNNbzSGkMHH6JzNHTgd
by0MmVIg1MAEoI7/mVXk4QyLqr2LbfuoRX+YowAgaxoEjMiYvdddISgle9NiHjOj
kV7DenkKVjE=
=kRhU
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
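
The "sign what is transmitted" rule and its possible white-space exception, as an added example that is not part of the original message. Assumptions: HMAC-SHA256 stands in for the issuer's public-key signature, the certificate text is constructed and is not an SPKI format, and `normalize_ws` is a hypothetical white-space rule.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature key

# Constructed sample body; not an actual SPKI encoding.
SENT = b"(cert\n (issuer alice)\n (subject bob)\n (auth read)\n)\n"


def sign_exact(data: bytes) -> bytes:
    """Sign exactly the bytes that go on the wire."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify_exact(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_exact(data), sig)


def normalize_ws(data: bytes) -> bytes:
    """Hypothetical rule: any line ending becomes LF, trailing blanks are dropped."""
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    body = b"\n".join(line.rstrip(b" \t") for line in lines)
    return body.rstrip(b"\n") + b"\n"


def sign_normalized(data: bytes) -> bytes:
    """Sign the white-space-normalized form instead of the raw bytes."""
    return sign_exact(normalize_ws(data))


def verify_normalized(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_normalized(data), sig)


def ascii_mode_transfer(data: bytes) -> bytes:
    """Simulate a text-mode hop (SMTP, FTP ASCII mode) that rewrites LF as CRLF."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


if __name__ == "__main__":
    received = ascii_mode_transfer(SENT)
    print("exact rule, binary transfer:", verify_exact(SENT, sign_exact(SENT)))
    print("exact rule, ASCII transfer: ", verify_exact(received, sign_exact(SENT)))
    print("white-space rule, ASCII:    ", verify_normalized(received, sign_normalized(SENT)))
    forged = received.replace(b"read", b"write")
    print("white-space rule, forged:   ", verify_normalized(forged, sign_normalized(SENT)))
```

The normalization only absorbs what a text-mode transport changes; any change to the signed content itself still fails verification.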

