The future will be easy to use

Carl Ellison cme at TIS.COM
Thu Nov 30 07:55:30 PST 1995


-----BEGIN PGP SIGNED MESSAGE-----

>From: Rich Salz <rsalz at osf.org>
>Date: Wed, 29 Nov 1995 08:54:33 -0500



>Bingo!  This is one of the hard parts of certificate authorities; just
>what are you attesting to?  The American Bar Association has a big document
>for public review that addresses what this might mean; there are a couple
>of RFC's that specify CA policies (one from COST in Sweden, I think), and
>RSA and/or Verisign will give you their policy in hardcopy.
>
>In x.509v3 certificates, there is an extensible field where the key-signer
>can put arbitrary data.  The intent is apparently that you put the ISO
>object-ID (you know, those funny 1.3.2.11.... numbers) of the policy
>document.

Ah, yes.  Here's another example of the problem with ASN.1.  That field
could equivalently be just a URL for the policy document (or, if short
enough, the policy itself).  However, ASN.1 seduced folks into indirecting
this through some object ID -- bringing all these documents into the one
master hierarchy of things in the world.

Some people just like hierarchies, I guess. :)

>There is, of course, no way to interpret the semantics of this electronically.

Of course not.  In the end, a human needs to make the decision based on
ASCII text.

>It will be interesting to see how various companies address this issue,
>for example as they start to support arbitrary CA's in browsers or servers
>while doing commerce over the web.

Yup.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme at tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBML3JY1QXJENzYr45AQHWIwP/VzoZuonIoMbIYHaA+noZpwnmNnxXc+jx
elJNQkHglyE7U1pBfC90s8IewujeG5T97v5g5e9bAXi/gysIPoguAXYSdIufvjz+
+WpCDrxn4UlfRzfOrTOgpZ1KQwPUllywOo1Yehd2h35ctJ8P7sa27mS/AEyET85E
rUvKlVpN/04=
=EhTO
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list