[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Keyholder
It might be useful to allow a special form in the "subject" part of
a certificate or assertion to refer to the holder of a key (i.e. the
person, computer or other entity that controls the private signature
key).
The syntax might be of the form:
( keyholder <key-or-hash-of-key> )
Thus, we might have a certificate that looks like:
( certificate
( issuer ( hash sha1 &4567 ) )
( subject ( keyholder ( hash sha1 &1234 ) ) )
( auth ( phone-number 617-253-9999 ) )
)
Here "phone-number" is an attribute of the holder of the key with hash
&1234, and not of the key itself. This covers many of the uses for
the SDSI "autocert".
Ron Rivest