From owner-spki@c2.net Wed May 12 07:08:55 1999 Received: from blacklodge.c2.net (blacklodge.c2.net [140.174.185.245]) by lox.sandelman.ottawa.on.ca (8.8.7/8.8.8) with ESMTP id HAA15284; Wed, 12 May 1999 07:08:53 -0400 (EDT) Received: (from majordom@localhost) by blacklodge.c2.net (8.8.8/8.7.3) id CAA24457 for spki-outgoing; Wed, 12 May 1999 02:58:14 -0700 (PDT) Message-ID: <37395052.B4FD255E@lmf.ericsson.se> Date: Wed, 12 May 1999 12:56:34 +0300 From: Ari Huttunen Organization: Oy L M Ericsson Ab X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.5.1 sun4m) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org, spki@c2.net Subject: X.509 ACs vs. SPKI? Content-Type: multipart/mixed; boundary="------------0BB4536B87F531E79D7FA3D4" Sender: owner-spki@c2.net Precedence: bulk This is a multi-part message in MIME format. --------------0BB4536B87F531E79D7FA3D4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Has someone made a comparison of what can / cannot be done in X.509 Attribute Certificates (draft-ietf-pkix-ac509prof-00.txt) that can be done with SPKI certificates? Would there be some ideas in SPKI that could be used to enhance X.509 ACs? My aim here is very pragmatic. I don't observe SPKI as going forward, so I would like X.509 ACs to be able to do as much as possible... For the sake of conversation, here's a proposal how SPKI certificates could be put inside X.509 ACs. I certainly do not claim that this works as-is, but it might be made to work. 1) The server checking X.509 ACs is also acting as the CA that issues those ACs. 2) The SPKI certificate security fields are mapped as follows: Issuer = refers to the X.509 certificate of the server. Subject = refers to the X.509 certificate of the client. Delegation = ..as in SPKI.. Authority = ..as in SPKI.. Validity = attrCertValidityPeriod Cheers, Ari Huttunen --------------0BB4536B87F531E79D7FA3D4 Content-Type: text/x-vcard; charset=us-ascii; name="Ari.Huttunen.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Ari Huttunen Content-Disposition: attachment; filename="Ari.Huttunen.vcf" begin:vcard n:Huttunen;Ari tel;fax:+358-9-2992634 tel;work:+358-9-2992472 x-mozilla-html:FALSE org:L M Ericsson;LMF/T/TK version:2.1 email;internet:Ari.Huttunen@lmf.ericsson.se title:Software Designer adr;quoted-printable:;;Oy L M Ericsson Ab=0D=0ATelecom R&D;;;02420 Jorvas;Finland x-mozilla-cpt:;-30024 fn:Ari Huttunen end:vcard --------------0BB4536B87F531E79D7FA3D4--