[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Keyholder

To: spki@c2.net
Subject: Keyholder
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Mon, 31 Mar 97 12:44:13 EST
Cc: blampson@microsoft.com
Sender: owner-spki@c2.net


It might be useful to allow a special form in the "subject" part of 
a certificate or assertion to refer to the holder of a key (i.e. the
person, computer or other entity that controls the private signature
key).

The syntax might be of the form:
	( keyholder <key-or-hash-of-key> )

Thus, we might have a certificate that looks like:

	( certificate
	  ( issuer ( hash sha1 &4567 ) )
          ( subject ( keyholder ( hash sha1 &1234 ) ) )
	  ( auth ( phone-number 617-253-9999 ) ) 
        )
        
Here "phone-number" is an attribute of the holder of the key with hash
&1234, and not of the key itself.  This covers many of the uses for
the SDSI "autocert".  

Ron Rivest

Prev by Date: abbr's
Next by Date: Multiple subjects and auths
Prev by thread: ISC Meeting Notice
Next by thread: Multiple subjects and auths
Index(es):
- Main
- Thread