[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

slides from WG meeting, 31 Mar 98

To: spki@c2.net
Subject: slides from WG meeting, 31 Mar 98
From: Carl Ellison <cme@Cybercash.COM>
Date: Wed, 01 Apr 1998 10:48:11 -0500
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

My slides for the working group meeting were all text.  I can furnish 
PowerPoint on request.  I am enclosing the text here in the body of this 
mail.  .rtf.gz format is available at

ftp://ftp.clark.net/pub/cme/ietf-3-98.rtf.gz for those who want to see the 
fonts and font sizes used by PowerPoint :)

 - Carl

P.S.  Bill Frantz reminded me after the meeting that I had omitted a DSA 
stub in the slides.  I don't have DSA in the current code but will add that 
as soon as the first release is done and it will have the same kind of 
stubbing if necessary for export purposes.  If I can find a good freeware 
implementation, I may even try to get approval to include it bodily.  
After all, DSA is good only for authentication.  That's why NSA chose it.


 -------------------------------------------


 ------------- Slide 1 ---------------
SPKI Draft and Code Status

Carl Ellison
cme@acm.org
31 Mar 1998

 ---------------- Slide 2 ----------------
Drafts

 *   requirements
     -  ready for informational RFC
 *   theory
     -  one update, then informational RFC
 *   structure
     -  BNF corrections and any feedback, then proposed standard

 --------------- Slide 3 -----------------
Structure draft changes

 *   <uris> changed to <uris>? in <hash> & <pub-key>
 *   <uris>::"(" "uri" <uri>+ ")"
     -  rather than <uri>*
 *   rsa-pkcs1 vs. rsa-pkcs1-sha1 (?)

 -------------- Slide 4 -------------------
Continuing Documents

 *   examples draft (more always welcome)
 *   FAQ (?)

 -------------- Slide 5 -----------------
Reference Code

 *   smd5, ssha1 -- hash object via md5 or sha-1
 *   ssign, fsign -- sign object, file
 *   sverify, fverify -- verify object, file
 *   validq -- ENV+ACL+SEQUENCE -> bool
 *   reduce -- ACL+SEQUENCE->ACL
 *   valid5, reduce5 -- 5-tuples in the sequences

 --------------- Slide 6 -----------------
Code details

 *   Code is small and fast.
 *   RSA ops left unimplemented:
     -  do_rsa_private( Sexp *key, int blklth, UC *inblk, UC *outblk)
     -  do_rsa_public( Sexp *key, int blklth, UC *inblk, UC *outblk )
 *   rsa-pkcs1 option not implemented yet

 ------------------ Slide 7 --------------
Code status (1)

 *   smd5, ssha1, ssign and fsign finished and tested against other 
     implementations (including an RSAREF implementation of the 
     signature code)
 *   my tests use BSAFE, but only for the two RSA operations
 *   sverify, fverify should be done this week

 ------------- Slide 8 --------------
Code status (2)

 *   validq (env) (acl) <(sequence) >bool
     -  (env) is one or more 5-tuples giving the request signer and the 
        <auth> we're trying to test, the current date & time as both 
        not-before and not-after, and an empty subject.
     -  That 5-tuple is walked through the certs and ACLs without full 
        reduction.
     -  If that walk results in (self,,*,*,*), then return true.

 ---------------- Slide 9 -----------------
Code status (3)

 *   reduce (acl)  <(sequence)  >(acl)
     -  the full 5-tuple reduction machine
     -  the (self,S,D,A,V) tuples that are derived from the (sequence) are 
        an ACL
 *   validq & reduce laid out but not finished
 *   all code will be posted with RSA operations omitted, to be added by the 
     receiver.

 ------------------- Slide 10 -----------------
PolicyMaker and KeyNote

We need to compare the power of PolicyMaker (PM), KeyNote (KN) and 5-Tuple 
Reduction (5TR) in expressiveness and execution.  
 *   Can all 5TR be mapped to KN? Automatically?
 *   Can all KN be mapped to 5TR? Automatically?
 *   Is the KN engine a good candidate for validq?
 *   What can PM do that KN and 5TR can't, and do we have any need for that?
 *   Details: "rsa-pkcs1", online tests, etc. in KN or PM?

 ------------- Slide 11 -----------------
References

 *   Documents in the internet-drafts directory as draft-ietf-spki-*
 *   Documents also at: http://www.clark.net/pub/cme/html/spki.html
 *   Code location will be announced to the list.
 *   Mailing list at spki@c2.net, subscribe via majordomo.

- -------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNSJhuhN3Wx8QwqUtAQFjZgQAjwmm66dA4ofJAJejFQM3Fa1QCyYZ7Da0
rEK/pizb2d6IX9+jOFf4jrve/V93y5D6oOwJyz/nSJLDmSd2ZuXceDb+XPwQf20Q
hIf9o7yEaBDqa2QmL93bD0PKJ6+OJPyuOkFUVeFNVEo8xi2ia9ZGF252Qssylvve
6D7QhtzxBlI=
=vtWj
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: slides from WG meeting, 31 Mar 98

From: Bill Frantz <frantz@netcom.com>

Prev by Date: Re: "do hash" unnecessary?
Next by Date: spki syntax
Prev by thread: Re: "do hash" unnecessary?
Next by thread: Re: slides from WG meeting, 31 Mar 98
Index(es):
- Main
- Thread