X.509 ACs vs. SPKI?

[Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>]

Hi,

Has someone made a comparison of what can / cannot be done 
in X.509 Attribute Certificates (draft-ietf-pkix-ac509prof-00.txt)
that can be done with SPKI certificates? Would there be some ideas
in SPKI that could be used to enhance X.509 ACs?

My aim here is very pragmatic. I don't observe SPKI as going
forward, so I would like X.509 ACs to be able to do as much as
possible...

For the sake of conversation, here's a proposal how SPKI certificates
could be put inside X.509 ACs. I certainly do not claim that this
works as-is, but it might be made to work.

1) The server checking X.509 ACs is also acting as the CA that
   issues those ACs.

2) The SPKI certificate security fields are mapped as follows:
   Issuer = refers to the X.509 certificate of the server.
   Subject = refers to the X.509 certificate of the client.
   Delegation = ..as in SPKI..
   Authority = ..as in SPKI..
   Validity = attrCertValidityPeriod

Cheers,

   Ari Huttunen
begin:vcard 
n:Huttunen;Ari
tel;fax:+358-9-2992634
tel;work:+358-9-2992472
x-mozilla-html:FALSE
org:L M Ericsson;LMF/T/TK
version:2.1
email;internet:Ari.Huttunen@lmf.ericsson.se
title:Software Designer
adr;quoted-printable:;;Oy L M Ericsson Ab=0D=0ATelecom R&D;;;02420 Jorvas;Finland
x-mozilla-cpt:;-30024
fn:Ari Huttunen
end:vcard

---

Follow-Ups:

• Re: X.509 ACs vs. SPKI?
• From: Carl Ellison <cme@acm.org>
• Re: X.509 ACs vs. SPKI?
• From: Vinnie Moscaritolo <vinnie@vmeng.com>

---

• Prev by Date: Re: Question
• Next by Date: Re: X.509 ACs vs. SPKI?
• Prev by thread: Re: KeyNote v2 trust management toolkit now available for beta testing
• Next by thread: Re: X.509 ACs vs. SPKI?
• Index(es):
  • Main
  • Thread