Jeff Weinstein <jsw@netscape.com> writes:
I think the old idea of a certificate just binding a name and a key is turning out to not be very useful. That is why Netscape Navigator 2.0 will support x509 version 3 certificates. They allow arbitrary attributes to be signed into a certificate. In this new world, you can think of a certificate as a way of binding a key with various arbitrary attributes, one of which may be(but is not required to be) a name.
OK, so suppose I want to send my credit card number to Egghead Software. I get one of these new-fangled certificates from somebody, in which VeriSign has certified that key 0x12345678 has hash 0x54321. I think we can agree that by itself this is not useful. So, it will also bind in some attribute. What will that attribute be? Hal