Re: SPKI in OpenPGP format


At 03:13 PM 1/23/98 -0800, Vinnie Moscaritolo wrote:
>Here is a possible way to represent a SPKI certificate in OpenPGP format.
>OpenPGP added a utility field called a notation that could be used
>to hold SPKI strings. It's more of a binary (un-human-readable version)
>but it does maintain the spirit of SPKI.


	I think I understand what you're trying here, but I wonder if you want to 
introduce all the complexity of SPKI in your format.

	For example, if I were to be designing this, I wouldn't create an SPKI 
SUBJECT field.  The subject can be the key to which this information is 
attached.  [Of course, I'm assuming that there would be normal SPKI certs 
living outside the structure.  If you're not assuming that, then I need to 
think some more.]

	To me, PGP suffers mostly from the lack of SDSI names.  I don't see PGP 
used to do general purpose access control -- the task for which SPKI's auth 
fields were created.

	So, the subset I would concentrate on in PGP is SDSI names.  Doing that 
requires some design work at the user interface level, rather than just in 
data structures.

	What features of SPKI do you believe PGP could benefit from?

	Can we translate from PGP to SPKI canonical format easily?

	Do we need to express everything SPKI can in the PGP format?

 - Carl

