
meanings of fields (was: Re: My two pennies)



At 09:42 PM 3/31/97 +0200, Bryce wrote:
>> I was thinking, for example, of a signed purchase order or electronic check,
>> signed code, ....

	[as subject of a cert]

>
>
>So for a signed purchase order, how about an "<auth>" field
>containing:
>
>
>( Purchase_Order (Purchase_Order_Number 009641) 
>(Part_Number 254525) (Part_Name "W256 Advanced Widget") 
>(Quantity 7) (Price_Per_Part "USD 0.05") 
>(Total_Price "USD 0.35") (Sales_Tax "USD 0.01") 
>(Sales_Contact joe@widgets.com) )
>
>
>Or alternatively
>
>( Purchase_Order (Purchase_Order_Doc SHA1
>=SxVtA4KODLkzjQzzVFIL00pUc9J= http://acme.com/intranet/purchase_orders/009641 
>))
>
>
>
>I think that the "<auth>" field is destined to be used for 
>things that are only dimly related to "secure telnet session"
>-style "authentication".  In fact, calling it "auth" can lead to
>confusion, I think.  (Q:  "Is this a purchase order or just an
>authorization to make a purchase order like the one described
>here?"  A:  "What's the difference?")

I think you're correct.  Since we're defining these fields now, we're free 
to use them how we will.  If we don't provide a decent outlet for something 
a user needs to do, he'll do it whatever way we allow.  Vid. the use of 
CommonName in a SET DistinguishedName to hold the keyed hash of a 
cardholder's account number for a SET cardholder certificate.
[That should be an <auth> field in an SPKI cert.]

I was hoping to put that object (or its hash) in a place which made the most 
sense.  To me, that was the subject -- since it was the thing we were 
talking about in the certificate.

I have a common-language explanation of certificates which goes like:

Issuer: the thing (key) which speaks

Subject: the thing (key or object) spoken about

Auth: the thing being said

Validity: the period of time during which the Issuer will continue saying 
Auth about Subject, so you don't have to go back and ask Issuer to 
repeat itself

Delegate: whether Issuer will permit Subject to say Auth about other things 
(making sense only if Subject can speak -- i.e., is a signature key or hash
of one).

 - Carl


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
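Carl's five-field reading of a certificate and Bryce's two <auth> encodings, modelled in Python as an added example (not code from this thread or from any SPKI implementation); the key hashes, the validity window and the plain-base64 rendering of the SHA-1 digest are assumptions.

```python
import base64
import hashlib
from datetime import date

# Bryce's inline purchase order as nested lists (a list is an S-expression, a str an atom).
PURCHASE_ORDER = [
    "Purchase_Order", ["Purchase_Order_Number", "009641"], ["Part_Number", "254525"],
    ["Part_Name", "W256 Advanced Widget"], ["Quantity", "7"], ["Price_Per_Part", "USD 0.05"],
    ["Total_Price", "USD 0.35"], ["Sales_Tax", "USD 0.01"], ["Sales_Contact", "joe@widgets.com"],
]
VALID_FROM, VALID_TO = date(1997, 3, 31), date(1997, 4, 30)  # constructed validity window

def sexp(obj):
    """Render nested lists in the readable S-expression form; quote atoms containing spaces."""
    if isinstance(obj, list):
        return "(" + " ".join(sexp(x) for x in obj) + ")"
    return '"%s"' % obj if " " in obj else obj

def po_doc_ref(doc_bytes, url):
    """Bryce's second form: name the stored document by its SHA-1 hash plus its location.
    Plain base64 of the raw digest is an assumption; the '=...=' framing in the mail is not kept."""
    digest = base64.b64encode(hashlib.sha1(doc_bytes).digest()).decode("ascii")
    return ["Purchase_Order", ["Purchase_Order_Doc", "SHA1", digest, url]]

class Cert:
    """Carl's five fields: Issuer says Auth about Subject during Validity; Delegate is conditional."""
    def __init__(self, issuer, subject, auth, not_before, not_after, delegate=False):
        self.issuer, self.subject, self.auth = issuer, subject, auth
        self.not_before, self.not_after, self.delegate = not_before, not_after, delegate

    def subject_can_speak(self):
        # Only a signature key, or the hash of one, can itself make statements.
        return isinstance(self.subject, list) and self.subject[0] in ("public-key", "hash")

    def still_says(self, on):
        # Within Validity the relying party need not go back and ask Issuer to repeat itself.
        return self.not_before <= on <= self.not_after

    def may_delegate(self):
        # A Delegate flag on a subject that cannot speak (a purchase order) carries no meaning.
        return self.delegate and self.subject_can_speak()

def build_example_certs():
    """Two constructed certs: one about the purchase order, one about a key (placeholder hashes)."""
    buyer = ["hash", "sha1", "BUYER-KEY-HASH-PLACEHOLDER"]
    clerk = ["hash", "sha1", "CLERK-KEY-HASH-PLACEHOLDER"]
    po_cert = Cert(buyer, PURCHASE_ORDER, "approved", VALID_FROM, VALID_TO, delegate=True)
    key_cert = Cert(buyer, clerk, ["may-approve", "Purchase_Order"], VALID_FROM, VALID_TO, delegate=True)
    return po_cert, key_cert
```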
