[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
X.509 ACs vs. SPKI?
Has someone made a comparison of what can / cannot be done
in X.509 Attribute Certificates (draft-ietf-pkix-ac509prof-00.txt)
that can be done with SPKI certificates? Would there be some ideas
in SPKI that could be used to enhance X.509 ACs?
My aim here is very pragmatic. I don't observe SPKI as going
forward, so I would like X.509 ACs to be able to do as much as
For the sake of conversation, here's a proposal how SPKI certificates
could be put inside X.509 ACs. I certainly do not claim that this
works as-is, but it might be made to work.
1) The server checking X.509 ACs is also acting as the CA that
issues those ACs.
2) The SPKI certificate security fields are mapped as follows:
Issuer = refers to the X.509 certificate of the server.
Subject = refers to the X.509 certificate of the client.
Delegation = ..as in SPKI..
Authority = ..as in SPKI..
Validity = attrCertValidityPeriod
org:L M Ericsson;LMF/T/TK
adr;quoted-printable:;;Oy L M Ericsson Ab=0D=0ATelecom R&D;;;02420 Jorvas;Finland