[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question



-----BEGIN PGP SIGNED MESSAGE-----

At 07:54 PM 4/29/99 +0200, JoanMa Mas Ribés wrote:
>
>List,
>
>I've started implementing a SPKI toolbox in Java, and right now I've a 
question
>(which won't be the last) about comparing principals.
>
>If I've understood it correctly, the field <uris> in a public key is used to
>point where you can get certificates on that key, right? I guess that the
><uris> field in the hash has the same purpose, when this hash is of a public
>key.
>
>The question is, how do I compute the hash of a public key? I mean, should
one
>take the s-expression representing the whole key (uris included)? If so, 
should
>I copy the <uris> field from the key into the hash? 
>
>And when comparing principals for "samePrincipalAs", do I take into account
>also the <uris> field? If the answer is yes, then a principal is not only a
>public key or hash, but also the <uris>, which has the problem that we'd 
have 2
>different principals represented by the same key but with different <uris>
>field. 
>And if not, then computing the hashing of a public key is a special case in
>SPKI (it'd only be some more lines of code), which would first remove the
><uris> field in the public key, compute the hash and add <uris> in the hash.
>
>I hope I made myself clear. Thanks a lot in advance.
>
>JoanMa

Yes, the hash of a public key is the hash of a canonical S-expression 
holding the public key.  So, just alling it the key hash is slightly 
misleading.  It is a placekeeper.  You could have put the whole public key 
S-expression there, but if the other party already has that S-expression, 
then you can save space by using just the hash of it.

Comparing principals, on the other hand, should be comparison of the key 
parameters.  The question there (e.g., for tuple reduction) is whether K1 is 
the same key that made a given digital signature.



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5

iQCVAwUBNy24KhN3Wx8QwqUtAQFhNwQAje3YB+kDS/T7INxISrmNa1lDKNQkRt+o
Kxa0HRvCCjiK9YZQ0n1rB1bwt2mFGZWxAWdwFd5OV8b+DWMu03aI6x3MNmayEsVU
y9KOcQVGY7o3gDAuNajGAMBxwEIF5nGhZvmwU1IYdrtIgDrKBFU21Cc8WXByvevF
y1T3oon1Vvk=
=du6T
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         cme@acm.org     http://www.pobox.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+

References: