[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

To: Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>, spki@c2.net
Subject: Re: X.509 ACs vs. SPKI?
From: Vinnie Moscaritolo <vinnie@vmeng.com>
Date: Wed, 12 May 1999 10:06:28 -0700
In-Reply-To: <37395052.B4FD255E@lmf.ericsson.se>
References: <37395052.B4FD255E@lmf.ericsson.se>
Sender: owner-spki@c2.net

A lot of SPKI concepts can be found in PGPticket

 
  ftp://ftp.ietf.org/internet-drafts/draft-moscaritolo-mione-pgpticket-01.txt

     OpenPGP specifies message formats and certificate formats used for
    exchange of encrypted and/or authenticated objects. This document
    discusses methods of extending OpenPGP's message formats to support
    an authorization system. This system would use public key
    cryptography to authenticate a user to a server and establish the
    user's access permissions. The concept is that the user acquires a
    ticket signed by some issuer that specifies what they are entitled to
    do. That ticket is then submitted to a server. The server uses a
    challenge/response method to verify that the holder really has the
    matching private key. The server then allows the access specified.



On 5/12/99, Men from Black Helicopters forced "Ari Huttunen" to write :


>Hi,
>
>Has someone made a comparison of what can / cannot be done
>in X.509 Attribute Certificates (draft-ietf-pkix-ac509prof-00.txt)
>that can be done with SPKI certificates? Would there be some ideas
>in SPKI that could be used to enhance X.509 ACs?
>
>My aim here is very pragmatic. I don't observe SPKI as going
>forward, so I would like X.509 ACs to be able to do as much as
>possible...
>
>For the sake of conversation, here's a proposal how SPKI certificates
>could be put inside X.509 ACs. I certainly do not claim that this
>works as-is, but it might be made to work.
>
>1) The server checking X.509 ACs is also acting as the CA that
>   issues those ACs.
>
>2) The SPKI certificate security fields are mapped as follows:
>   Issuer = refers to the X.509 certificate of the server.
>   Subject = refers to the X.509 certificate of the client.
>   Delegation = ..as in SPKI..
>   Authority = ..as in SPKI..
>   Validity = attrCertValidityPeriod
>
>Cheers,
>
>   Ari Huttunen
>Content-Type: text/x-vcard; charset=us-ascii;
> name="Ari.Huttunen.vcf"
>Content-Transfer-Encoding: 7bit
>Content-Description: Card for Ari Huttunen
>Content-Disposition: attachment;
> filename="Ari.Huttunen.vcf"
>
>Attachment converted: G3:Ari.Huttunen.vcf (TEXT/R*ch) (00038B7C)


Vinnie Moscaritolo
http://www.vmeng.com/vinnie/
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
-------------------------------------------------------

Those who hammer their swords into plows,
will plow for those who don't."

References:

X.509 ACs vs. SPKI?

From: Ari Huttunen <Ari.Huttunen@lmf.ericsson.se>

Prev by Date: Re: X.509 ACs vs. SPKI?
Next by Date: RE: X.509 ACs vs. SPKI?
Prev by thread: Re: X.509 ACs vs. SPKI?
Next by thread: RE: X.509 ACs vs. SPKI?
Index(es):
- Main
- Thread