

It might be useful to allow a special form in the "subject" part of 
a certificate or assertion to refer to the holder of a key (i.e. the
person, computer or other entity that controls the private signature

The syntax might be of the form:
	( keyholder <key-or-hash-of-key> )

Thus, we might have a certificate that looks like:

	( certificate
	  ( issuer ( hash sha1 &4567 ) )
	  ( subject ( keyholder ( hash sha1 &1234 ) ) )
	  ( auth ( phone-number 617-253-9999 ) ) )

Here "phone-number" is an attribute of the holder of the key with hash
&1234, and not of the key itself.  This covers many of the uses for
the SDSI "autocert".  

Ron Rivest
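
The following is an added example, not part of the original message or of any SPKI/SDSI implementation: a minimal reader for the certificate form shown above that reports whether the subject is the key itself or the holder of the key, so a verifier does not attach a holder attribute such as phone-number to the key. The function names (parse_sexp, field, subject_of) and the treatment of a bare ( hash ... ) subject as "key" are assumptions made for illustration.

```python
import re

def parse_sexp(text):
    """Parse one parenthesised S-expression into nested lists of atom strings."""
    stack, result = [], None
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if result is not None:
            raise ValueError("trailing tokens after expression")
        if tok == "(":
            stack.append([])
        elif not stack:
            raise ValueError(f"unexpected {tok!r} outside a list")
        elif tok == ")":
            done = stack.pop()
            if stack:
                stack[-1].append(done)
            else:
                result = done
        else:
            stack[-1].append(tok)
    if result is None:
        raise ValueError("incomplete expression (unbalanced parentheses)")
    return result

def field(expr, name):
    """Return the one sub-list of expr headed by name; reject missing or duplicate fields."""
    hits = [e for e in expr[1:] if isinstance(e, list) and e[:1] == [name]]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one ({name} ...) field")
    return hits[0]

def subject_of(cert_text):
    """Return (kind, principal); kind is 'keyholder' or 'key' (assumed labels)."""
    cert = parse_sexp(cert_text)
    if cert[:1] != ["certificate"]:
        raise ValueError("not a certificate")
    subject = field(cert, "subject")
    if len(subject) != 2:
        raise ValueError("subject takes exactly one argument")
    body = subject[1]
    if isinstance(body, list) and body[:1] == ["keyholder"]:
        if len(body) != 2:
            raise ValueError("keyholder takes exactly one argument")
        return "keyholder", body[1]
    return "key", body

# Constructed samples: the message's certificate, and a variant whose subject is the key.
HOLDER_CERT = "(certificate (issuer (hash sha1 &4567)) (subject (keyholder (hash sha1 &1234))) (auth (phone-number 617-253-9999)))"
KEY_CERT = HOLDER_CERT.replace("(keyholder (hash sha1 &1234))", "(hash sha1 &1234)")
```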