[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

meanings of fields (was: Re: My two pennies)

At 09:42 PM 3/31/97 +0200, Bryce wrote:
>> I was thinking, for example, of a signed purchase order or electronic check,
>> signed code, ....

	[as subject of a cert]

>So for a signed purchase order, how about an "<auth>" field
>( Purchase_Order (Purchase_Order_Number 009641) 
>(Part_Number 254525) (Part_Name "W256 Advanced Widget") 
>(Quantity 7) (Price_Per_Part "USD 0.05") 
>(Total_Price "USD 0.35") (Sales_Tax "USD 0.01") 
>(Sales_Contact joe@widgets.com) )
>Or alternatively
>( Purchase_Order (Purchase_Order_Doc SHA1
>=SxVtA4KODLkzjQzzVFIL00pUc9J= http://acme.com/intranet/purchase_orders/009641 
>I think that the "<auth>" field is destined to be used for 
>things that are only dimly related to "secure telnet session"
>- -style "authentication".  In fact, calling it "auth" can lead to
>confusion, I think.  (Q:  "Is this a purchase order or just an
>authorization to make a purchase order like the one described
>here?"  A:  "What's the difference?")

I think you're correct.  Since we're defining these fields now, we're free 
to use them how we will.  If we don't provide a decent outlet for something 
a user needs to do, he'll do it whatever way we allow.  Vid. the use of 
CommonName in a SET DistinguishedName to hold the keyed hash of a 
cardholder's account number for a SET cardholder certificate.
[That should be an <auth> field in an SPKI cert.]

I was hoping to put that object (or its hash) in a place which made the most 
sense.  To me, that was the subject -- since it was the thing we were 
talking about in the certificate.

I have a common-language explanation of certificates which goes like:

Issuer: the thing (key) which speaks

Subject: the thing (key or object) spoken about

Auth: the thing being said

Validity: the period of time during which the Issuer will continue saying 
Auth about Subject, so you don't have to go back and ask Issuer to 
repeat itself

Delegate: whether Issuer will permit Subject to say Auth about other things 
(making sense only if Subject can speak -- ie., is a signature key or hash
of one).

 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |