[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
[email protected] (Tom Weinstein) writes:
>In article <[email protected]>, Hal <[email protected]> writes:
>> OK, so suppose I want to send my credit card number to Egghead Software.
>> I get one of these new-fangled certificates from somebody, in which
>> VeriSign has certified that key 0x12345678 has hash 0x54321. I think we
>> can agree that by itself this is not useful. So, it will also bind in
>> some attribute. What will that attribute be?
>Um, just a wild guess, but... your credit card number maybe? (Well,
>okay, its hash.)
I may not have been clear: the certificate I was referring to was the one
from Egghead, the one which I will use to make sure that I have a valid
key for Egghead. Such a certificate would of course not have my credit
card number; it would probably have some information related to Egghead.
My rhetorical point was that information would most plausibly be a NAME
by which I would refer to Egghead. I am still trying to understand how
these proposals to take names out of the picture will apply to a
commonplace situation like this one.