[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal & X509 clarifications
-----BEGIN PGP SIGNED MESSAGE-----
>Date: Mon, 02 Oct 95 12:51:11 PST
>From: "baldwin" <[email protected] (Robert W. Baldwin)>
> The designers of version 1 of the X509 certificate format
>have realized that they need to allow issuers to attach all kinds
>of different attributes to a public key. This lead to version 3
>of the X509 format, which provides for general extensions.
However, in true ASN.1 form, they called for these extensions to be tied to
object identifiers (defining the attribute being defined). Therefore, you
have to get someone owning an OBJID tree branch to define meanings for you
- -- and you have to publish some worldwide book of mappings, etc. To me,
this needs nothing more elaborate than text. In fact, text is a fine
machine-independent coding.
[Thought experiment: imagine Postscript using ASN.1 coding rather than
ASCII. How many Postscript printers would there be today?]
> Question: what's a good way to have the existing PGP public
>key infrastructure interoperate with the X509 infrastructure?
Answer: wait until X.509 dies under its own weight and let them ask how to
interoperate with PGP.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison [email protected] http://www.clark.net/pub/cme |
|Trusted Information Systems, Inc. http://www.tis.com/ |
|3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 |
+--------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMHBj0VQXJENzYr45AQHVUAP/Xrb199NEwRoYydDGQK5l424k7neMRpp/
XZtU+7QO760v2YEPmf5EdWZ6S25wKLtaIVUhVr1MLyCRLyfRedXLdYzBqEVlHd2k
dGarIqkB/HOcmjYvZGxnYE+s2gLiTJ1FShgdWWGtC3qCMqlE3h4r5WuiGIotg/IL
WbzKq2oGzYA=
=qBPm
-----END PGP SIGNATURE-----