List, I was wondering if the specification of <valid> in a certificate could be changed. The reason is that a certificate validity in SPKI is an exception ...
JoanMa Mas Ribés
mas@...
Jul 7, 1999 8:35 pm
727
... Hash: SHA1 ... s-expression ... JoanMa: This suggestion has some logical appeal, but I don't see that it makes the code any easier. You still have to...
Carl Ellison
cme@...
Jul 8, 1999 3:56 am
728
... Carl and list, I'll try to point out my reasons for this change: - Every field in a certificate has its own semantics (issuer, comment, version, subject,...
JoanMa Mas Ribés
mas@...
Jul 8, 1999 6:03 pm
729
... [code deleted] ... [code deleted] I don't believe that it's important to think of all of the validity parts of a certificate "on the page" as a single...
Matt Fredette
fredette@...
Jul 8, 1999 7:07 pm
730
... JoanMa, you make a compelling argument. Then again, so does Matt Fredette. ... [class definition example] ... [snip] ... The C code is Matt's and it's...
Carl Ellison
cme@...
Jul 9, 1999 5:30 am
731
... I think it's important that the standardisation process feel free to choose whichever option they think is best regardless of current implementations,...
Paul Crowley
paul@...
Jul 9, 1999 1:03 pm
732
... Except for Matt, I'm hearing all positive replies. Anyone out there agree with Matt? - Carl ...
Carl Ellison
cme@...
Jul 11, 1999 5:49 am
733
... A new release of the MIT SDSI/SPKI C software distribution is available. Go to http://theory.lcs.mit.edu/~cis/sdsi.html and follow the software...
Matt Fredette
fredette@...
Jul 12, 1999 1:55 pm
734
... The first release of the NO-CRYPTO version of the MIT SDSI/SPKI C software distribution is available. A NO-CRYPTO release is generated automatically from...
Matt Fredette
fredette@...
Jul 12, 1999 2:10 pm
735
... It seems that this would cancel (or at least change) the original argument? ... Another issue I raised is what this would mean to how certificates look. I...
Matt Fredette
fredette@...
Jul 12, 1999 8:52 pm
736
List, When I was working at the UCL I did a partial C++ implementation of the SPKI specification and I had the same issues as JoanMa is pointing out. I think ...
Xavier Serret-Avila
serret@...
Jul 12, 1999 8:53 pm
737
... (sent earlier on Friday to spki@... by accident) ... It seems that this would cancel (or at least change) the original argument? ... Another issue I...
Matt Fredette
fredette@...
Jul 12, 1999 8:53 pm
738
... CE> Except for Matt, I'm hearing all positive replies. Anyone out CE> there agree with Matt? I don't care one way or another, although I'd just as soon...
Jeremy Hylton
jeremy@...
Jul 12, 1999 10:34 pm
739
Hi list, First, sorry for being so quiet lately, but I'm out of the office from last thursday and until today I haven't been able to access my e-mail. ... I...
Joan Maria Mas Ribes
mas@...
Jul 14, 1999 12:58 am
740
At 01:33 AM 7/14/99 +0200, Joan Maria Mas Ribes wrote (in part): (Jeremy Hylton wrote) ... Well, ... not quite that easy. Is "not-before July 15" the same as...
Tony Bartoletti
azb@...
Jul 14, 1999 1:29 am
741
... TB> At 01:33 AM 7/14/99 +0200, Joan Maria Mas Ribes wrote (in part): TB> (Jeremy Hylton wrote) ... TB> Well, ... not quite that easy. TB> Is "not-before...
Jeremy Hylton
jeremy@...
Jul 14, 1999 5:23 pm
742
... MAS> I might misunderstand the SPKI spec, but in section 3.8 it MAS> says: No. The misunderstanding is mine. There is one sentence in Section 3.8 that is...
Jeremy Hylton
jeremy@...
Jul 14, 1999 5:58 pm
743
Jeremy Hylton wrote: Of course, the size of the boundary condition is one second and not one day. The only question would be whether (not-before...
Daniel Finkelstein
dfinkels@...
Jul 14, 1999 8:44 pm
744
... Agreed. But I believe there may be less confusion engendered with "on-or-after 23:15:10" than with "after 23:15:09". Consider the confused use in these...
Tony Bartoletti
azb@...
Jul 14, 1999 10:47 pm
745
Hi all, It seems that the discussion about the <validity> format is over, or at least there haven't been any opinions on the subject lately. Does this mean...
... Out of curiosity, does "not-after 23:15:09" mean not-after 23:15:09.00000... (i.e., on-or-before 23:15:09) or not-after 23:15:09.99999... (i.e.,...
Tony Bartoletti
azb@...
Jul 16, 1999 10:12 pm
747
... like ... good as ... Tony, since clock skew is frequently over 10 seconds even if you're careful to update time frequently, and minutes if you're not (even...
Carl Ellison
cme@...
Jul 17, 1999 4:53 pm
748
... If we open the syntax up for change, I'll want to change this back to (delegate). (propagate) was the result of a haggling over words more than a year ago...
Carl Ellison
cme@...
Jul 17, 1999 4:53 pm
749
... I'm happy to change that wording to require the order given. I don't believe we win anything with a variable order. ...
Carl Ellison
cme@...
Jul 17, 1999 4:54 pm
750
... With NTP, clock skews of small numbers of milliseconds are quite easily achievable, and a clock skew as bad as 1 second would be shocking. Better results...
Alan Barrett
apb@...
Jul 18, 1999 1:01 pm
751
... Hash: SHA1 ... Alan, I'm sure it's possible to have relatively small clock skews, provided people run the right software on their machines. That doesn't...
Carl Ellison
cme@...
Jul 18, 1999 3:37 pm
752
... Hmm. It's not impossible to imagine SPKI being used in some sort of circumstance where certificates have very short lifespans, where the participating...
Paul Crowley
paul@...
Jul 18, 1999 6:07 pm
753
... That's certainly possible for machines that are always on the net. In the real world, shockingly bad clock skews are very common :-) The standard Internet...
Bill Stewart
bill.stewart@...
Jul 18, 1999 7:37 pm
754
I don't know if this is either (a) original, or (b) wrong, but it occurs to me that there are circumstances where it would be useful to have the validity of a...
Paul Crowley
paul@...
Jul 23, 1999 12:21 pm
755
... I can, by a wild stretch of my imagination, envision a system where subsecond synchronization and validity make sense. Perhaps an authorization to send a...
