[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: My two pennies
-----BEGIN PGP SIGNED MESSAGE-----
A million monkeys operating under the pseudonym
"Carl Ellison <firstname.lastname@example.org>" typed:
> At 03:57 PM 3/30/97 -0500, Marc Branchaud wrote:
> >(23) If we do this, we should define a specific <auth> or set of <auth>s
> >for when this is the case, and also explicitly state that May-delegate
> >MUST be 0. This, of course, complicates things. What, exactly, is the
> >meaning when a non-key object is the subject of a cert?
> I was thinking, for example, of a signed purchase order or electronic check,
> signed code, ....
So for a signed purchase order, how about an "<auth>" field
( Purchase_Order (Purchase_Order_Number 009641)
(Part_Number 254525) (Part_Name "W256 Advanced Widget")
(Quantity 7) (Price_Per_Part "USD 0.05")
(Total_Price "USD 0.35") (Sales_Tax "USD 0.01")
(Sales_Contact email@example.com) )
( Purchase_Order (Purchase_Order_Doc SHA1
I think that the "<auth>" field is destined to be used for
things that are only dimly related to "secure telnet session"
- -style "authentication". In fact, calling it "auth" can lead to
confusion, I think. (Q: "Is this a purchase order or just an
authorization to make a purchase order like the one described
here?" A: "What's the difference?")
My apologies if I have completely misunderstood something.
I am not a cypherpunk. NOT speaking for DigiCash or any other
person or organization. PGP sig follows
-----BEGIN PGP SIGNATURE-----
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
-----END PGP SIGNATURE-----