meanings of fields (was: Re: My two pennies)
At 09:42 PM 3/31/97 +0200, Bryce wrote:
>> I was thinking, for example, of a signed purchase order or electronic check,
>> signed code, ....
[as subject of a cert]
>
>
>So for a signed purchase order, how about an "<auth>" field
>containing:
>
>
>( Purchase_Order (Purchase_Order_Number 009641)
>(Part_Number 254525) (Part_Name "W256 Advanced Widget")
>(Quantity 7) (Price_Per_Part "USD 0.05")
>(Total_Price "USD 0.35") (Sales_Tax "USD 0.01")
>(Sales_Contact joe@widgets.com) )
>
>
>Or alternatively
>
>( Purchase_Order (Purchase_Order_Doc SHA1
>=SxVtA4KODLkzjQzzVFIL00pUc9J= http://acme.com/intranet/purchase_orders/009641
>))
>
>
>
>I think that the "<auth>" field is destined to be used for
>things that are only dimly related to "secure telnet session"
>-style "authentication". In fact, calling it "auth" can lead to
>confusion, I think. (Q: "Is this a purchase order or just an
>authorization to make a purchase order like the one described
>here?" A: "What's the difference?")

I think you're correct. Since we're defining these fields now, we're free
to use them how we will. If we don't provide a decent outlet for something
a user needs to do, he'll do it whatever way we allow. Vid. the use of
CommonName in a SET DistinguishedName to hold the keyed hash of a
cardholder's account number for a SET cardholder certificate.
[That should be an <auth> field in an SPKI cert.]

I was hoping to put that object (or its hash) in a place which made the most
sense. To me, that was the subject -- since it was the thing we were
talking about in the certificate.

I have a common-language explanation of certificates which goes like:

Issuer:   the thing (key) which speaks
Subject:  the thing (key or object) spoken about
Auth:     the thing being said
Validity: the period of time during which the Issuer will continue saying
          Auth about Subject, so you don't have to go back and ask Issuer to
          repeat itself
Delegate: whether Issuer will permit Subject to say Auth about other things
          (making sense only if Subject can speak -- i.e., is a signature key
          or hash of one).

- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
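
Added example, not part of the original message and not SPKI reference code: a small Python model of the five fields as explained above, walking a chain from an issuer key down to a purchase order. The key names, the "approved" auth string and the dates are constructed; signature checking is left out, and Auth is compared by plain equality as a simplification.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:
    issuer: str            # the key which speaks
    subject: str           # the key or object spoken about
    auth: str              # the thing being said
    not_before: datetime   # validity: how long Issuer keeps saying it
    not_after: datetime
    delegate: bool         # may Subject say Auth about other things?
    subject_is_key: bool = True   # False when Subject is an object (or its hash)

    def __post_init__(self):
        # Delegate only makes sense if Subject can speak.
        if self.delegate and not self.subject_is_key:
            raise ValueError("delegate set on a subject that cannot speak")

def chain_says(chain, root, target, auth, now):
    """True if the chain shows `root` saying `auth` about `target` at `now`."""
    speaker = root
    for i, cert in enumerate(chain):
        if cert.issuer != speaker or cert.auth != auth:
            return False
        if not cert.not_before <= now <= cert.not_after:
            return False
        # Every cert except the last must let its subject speak onward.
        if i < len(chain) - 1 and not cert.delegate:
            return False
        speaker = cert.subject
    return bool(chain) and speaker == target

# Constructed sample data (names and dates are illustrative assumptions).
ROOT, BUYER, ORDER = "key:acme-root", "key:buyer", "hash:purchase-order-009641"
START, END = datetime(1997, 1, 1), datetime(1997, 12, 31)

def sample_chain(delegate=True):
    return [
        Cert(ROOT, BUYER, "approved", START, END, delegate),
        Cert(BUYER, ORDER, "approved", START, END, False, subject_is_key=False),
    ]

if __name__ == "__main__":
    print(chain_says(sample_chain(), ROOT, ORDER, "approved", datetime(1997, 4, 1)))
```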