... question ... one ... should ... have 2 ... Yes, the hash of a public key is the hash of a canonical S-expression holding the public key. So, just alling...
Carl Ellison
cme@...
May 3, 1999 5:14 pm
693
Hi, Has someone made a comparison of what can / cannot be done in X.509 Attribute Certificates (draft-ietf-pkix-ac509prof-00.txt) that can be done with SPKI...
Ari Huttunen
Ari.Huttunen@...
May 12, 1999 12:04 pm
694
... Hi Ari. ... I perceive SPKI going forward. I'm currently doing an implementation at Intel, for example, and there are others doing implementations...
Carl Ellison
cme@...
May 12, 1999 6:20 pm
695
A lot of SPKI concepts can be found in PGPticket ftp://ftp.ietf.org/internet-drafts/draft-moscaritolo-mione-pgpticket-01.txt OpenPGP specifies message formats...
Vinnie Moscaritolo
vinnie@...
May 12, 1999 6:59 pm
696
... There are only two places that the policy written in a paper document can be understood/interpreted/enforced - in applications and in the user's brain. To...
David P. Kemp
dpkemp@...
May 25, 1999 5:08 pm
697
... Actually, if you want to bind X to an identity cert the only secure way is via that cert's hash as a whole, not the public-key hash. In fact, the cert ...
Ed Gerck
egerck@...
May 26, 1999 1:01 am
698
"David P. Kemp" wrote: [snip] ... [...] ... Hi David. You're right. We haven't demonstrated all that yet. We haven't tried, yet. However, I'm confident we...
Carl Ellison
cme@...
May 26, 1999 3:31 am
699
... I disagree. The hash of the public-key is also open to abuse since it does not securely include that key's validity date, does not include an originally...
Ed Gerck
egerck@...
May 26, 1999 5:27 am
700
Ed, In the (exceptional?) case where two identical public keys are generated independently, and both happen to attempt access to the same resource, then the...
Tony Bartoletti
azb@...
May 26, 1999 7:19 pm
701
... I don't quite get it. I assume that by "generation" you mean generation of a key_pair_? (As generating a public key without the corresponding private key...
Niels Möller
nisse@...
May 26, 1999 10:34 pm
702
... No, you got it right. I should have used (exceptional!) instead of (exceptional?) but I suppose there are other avenues of attack. If someone actually...
Tony Bartoletti
azb@...
May 27, 1999 1:01 am
703
... It is not clear to me that you would want to revoke an identifier. An identifier is just a byte string. The hash of the public key is a byte string that...
Carl Ellison
cme@...
May 27, 1999 5:24 pm
704
... I believe that this is the point. The AC would be associated with the key, not with any specific certificate. Yes, that means there is no published...
Terry Hayes
thayes@...
May 27, 1999 5:28 pm
705
... [snip] ... In SPKI, we distinguish between the terms "attribute cert" and "authorization cert". When I give talks on this subject, I draw a triangle whose...
Carl Ellison
cme@...
May 27, 1999 6:14 pm
706
... I used sloppy wording here and want to forestall a storm of replies pointing that out. There are *many* globally unique names: phone numbers, e-mail...
Carl Ellison
cme@...
May 27, 1999 6:34 pm
707
Dale, (Different Steve here, but never mind:-) I hope that the ACs I-D does contain exactly that. I'd certainly be interested in your comments if it doesn't! ...
Stephen Farrell
stephen.farrell@...
May 28, 1999 12:09 pm
708
Only minor quibble I'd have is... ... Its also possible, though most likely out of PKIX's scope, for an AC to be linked to e.g. Kerberos authentication or some...
Stephen Farrell
stephen.farrell@...
May 28, 1999 7:04 pm
709
... Slight digress from single/multiple hash algorithm support (I tend to agree with Steve - a fixed algorithm seems destined for trouble...) I have always...
Tony Bartoletti
azb@...
May 28, 1999 9:39 pm
710
Tony: I will reply in second-order ;-), to save time. ... As well as their issuance dates would differ-- which however could not be seen just by relying on the...
Ed Gerck
egerck@...
May 29, 1999 1:29 am
711
Another possibility is to say that the ESSCertid hash should use the hash function used for signing the authenticated attributes....
Peter Sylvester
Peter.Sylvester@...
May 31, 1999 9:34 am
712
Hi, for a fairly large project in health care computing, I am looking for public key infrastructure options. I do favor SPKI. Please if you know of any...
Gunther Schadow
schadow@...
Jun 1, 1999 11:05 pm
713
... In Logic, one distinguishes between material values and formal values. The formal value of the public-key hash is its byte string (as you say) and is...
Ed Gerck
egerck@...
Jun 2, 1999 1:43 am
714
On Tue, Jun 01, 1999 at 05:03:32PM -0700, Ed Gerck wrote: [...] ... But the binding between the key and the hash is the binding of interest. That the key may...
Kent Crispin
kent@...
Jun 2, 1999 2:51 am
715
... Hi Gunther. I should add a list of implementations to my web page. So far, I have a pointer to the MIT implementation there. I hope to have my own copy...
Carl Ellison
cme@...
Jun 2, 1999 5:57 am
716
... Alan, you're sounding like a vendor of commercial CAs or directories here :) - Carl -- Carl M. Ellison cme@... http://www.pobox.com/~cme ...
Carl Ellison
cme@...
Jun 2, 1999 6:40 am
717
... Hi all, I'm doing a Java implementation of SPKI and, unless there are some legal constraints in the project I'm working on I'm not aware of, will make it...
JoanMa Mas Ribés
mas@...
Jun 2, 1999 7:57 pm
718
... I put my own smiley there on purpose.... :) ... Good point. Actually, whenever I meet a certificate I have to ask what test the verifier is running that...
Carl Ellison
cme@...
Jun 3, 1999 7:24 am
719
Thanks for that Carl just one point ... Is that the one about getting blood on certificates :-) I am happy to discuss anything operational about PKI and if ...
Alan Lloyd
Alan.Lloyd@...
Jun 3, 1999 7:32 am
720
... [snip] ... Yup Blood in cyberspace can get really messy. There aren't any solid containers to keep it from leaking out. ... -- Carl M. Ellison...
Carl Ellison
cme@...
Jun 3, 1999 7:54 am
721
I have submitted new drafts for requirements and theory, both updated to the new drafts format rules. The theory document has a couple of small updates of...
