[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: JoanMa Mas Ribés <mas@tele.ucl.ac.be>*Subject*: Re: Question*From*: Carl Ellison <cme@acm.org>*Date*: Mon, 03 May 1999 07:52:27 -0700*Cc*: SPKI List <spki@c2.net>*In-Reply-To*: <37289CB9.8D5CDDAE@tele.ucl.ac.be>*Sender*: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE----- At 07:54 PM 4/29/99 +0200, JoanMa Mas Ribés wrote: > >List, > >I've started implementing a SPKI toolbox in Java, and right now I've a question >(which won't be the last) about comparing principals. > >If I've understood it correctly, the field <uris> in a public key is used to >point where you can get certificates on that key, right? I guess that the ><uris> field in the hash has the same purpose, when this hash is of a public >key. > >The question is, how do I compute the hash of a public key? I mean, should one >take the s-expression representing the whole key (uris included)? If so, should >I copy the <uris> field from the key into the hash? > >And when comparing principals for "samePrincipalAs", do I take into account >also the <uris> field? If the answer is yes, then a principal is not only a >public key or hash, but also the <uris>, which has the problem that we'd have 2 >different principals represented by the same key but with different <uris> >field. >And if not, then computing the hashing of a public key is a special case in >SPKI (it'd only be some more lines of code), which would first remove the ><uris> field in the public key, compute the hash and add <uris> in the hash. > >I hope I made myself clear. Thanks a lot in advance. > >JoanMa Yes, the hash of a public key is the hash of a canonical S-expression holding the public key. So, just alling it the key hash is slightly misleading. It is a placekeeper. You could have put the whole public key S-expression there, but if the other party already has that S-expression, then you can save space by using just the hash of it. Comparing principals, on the other hand, should be comparison of the key parameters. The question there (e.g., for tuple reduction) is whether K1 is the same key that made a given digital signature. -----BEGIN PGP SIGNATURE----- Version: PGP 6.5 iQCVAwUBNy24KhN3Wx8QwqUtAQFhNwQAje3YB+kDS/T7INxISrmNa1lDKNQkRt+o Kxa0HRvCCjiK9YZQ0n1rB1bwt2mFGZWxAWdwFd5OV8b+DWMu03aI6x3MNmayEsVU y9KOcQVGY7o3gDAuNajGAMBxwEIF5nGhZvmwU1IYdrtIgDrKBFU21Cc8WXByvevF y1T3oon1Vvk= =du6T -----END PGP SIGNATURE----- +------------------------------------------------------------------+ |Carl M. Ellison cme@acm.org http://www.pobox.com/~cme | | PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+

**Question***From*: JoanMa Mas Ribés <mas@tele.ucl.ac.be>

- Prev by Date:
**Re: KeyNote v2 trust management toolkit now available for beta testing** - Next by Date:
**X.509 ACs vs. SPKI?** - Prev by thread:
**Question** - Next by thread:
**KeyNote v2 trust management toolkit now available for beta testing** - Index(es):